Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
shibboleth xmltooling vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-36661
Shibboleth XMLTooling prior to 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. (This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows.)
Shibboleth Xmltooling
Debian Debian Linux 11.0
Debian Debian Linux 12.0
5
CVSSv2
CVE-2019-9628
The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propaga...
Xmltooling Project Xmltooling
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Opensuse Leap 15.0
Opensuse Leap 42.3
6.4
CVSSv2
CVE-2018-0489
Shibboleth XMLTooling-C prior to 1.6.4, as used in Shibboleth Service Provider prior to 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote malicious users to obtain sensitive information or conduct impersonation attacks via craf...
Shibboleth Xmltooling-c
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Arubanetworks Clearpass
6.4
CVSSv2
CVE-2018-0486
Shibboleth XMLTooling-C prior to 1.6.3, as used in Shibboleth Service Provider prior to 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote malicious users to obtain sensitive information or conduct impersonation attacks ...
Shibboleth Xmltooling-c
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 9.0
5
CVSSv2
CVE-2015-0851
XMLTooling-C prior to 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider (SP), does not properly handle integer conversion exceptions, which allows remote malicious users to cause a denial of service (crash) via schema-invalid XML data.
Xmltooling Project Xmltooling
2.6
CVSSv2
CVE-2009-3300
Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x prior to 1.3.4 and 2.x prior to 2.1.5, and the Service Provider 1.3.x prior to 1.3.5 and 2.x prior to 2.3, in Internet2 Middleware Initiative Shibboleth allow remote malicious users to inject...
Internet2 Identity Provider 2.1.2
Internet2 Identity Provider 2.1.3
Internet2 Service Provider 2.2
Internet2 Service Provider 2.1
Internet2 Identity Provider 1.3.1
Internet2 Identity Provider 1.3
Internet2 Service Provider 1.3.1
Internet2 Service Provider 1.3.2
Internet2 Identity Provider 1.3.3
Internet2 Identity Provider 1.3.2
Internet2 Identity Provider 2.1.4
Internet2 Service Provider 1.3
Internet2 Identity Provider 2.1.0
Internet2 Identity Provider 2.1.1
Internet2 Service Provider 1.3.3
Internet2 Service Provider 2.0
7.5
CVSSv2
CVE-2009-3474
OpenSAML 2.x prior to 2.2.1 and XMLTooling 1.x prior to 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x prior to 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote malicious users to use a certificate for both signing and encrypti...
Internet2 Opensaml 2.1.0
Internet2 Xmltooling 1.2.0
Internet2 Opensaml 2.2.0
Internet2 Opensaml 2.0
Internet2 Xmltooling 1.0.1
Internet2 Xmltooling 1.1.0
Internet2 Xmltooling 1.1.1
Internet2 Shibboleth-sp 2.2
Internet2 Shibboleth-sp 2.1
Internet2 Shibboleth-sp 1.3.1
Internet2 Shibboleth-sp 2.0
Internet2 Shibboleth-sp 1.3f
Internet2 Shibboleth-sp 1.3b
Internet2 Shibboleth-sp 1.3.2
9.3
CVSSv2
CVE-2009-3476
Buffer overflow in OpenSAML prior to 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x prior to 1.3.4, and XMLTooling prior to 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x prior to 2.2.1, allows remote malicious users to cause a denial o...
Internet2 Shibboleth-sp 1.3.2
Internet2 Shibboleth-sp 1.3.3
Internet2 Shibboleth-sp 1.3.1
Internet2 Shibboleth-sp 1.3f
Internet2 Opensaml 1.1
Internet2 Opensaml 1.1.1
Internet2 Xmltooling 1.1.0
Internet2 Xmltooling 1.0.1
Internet2 Xmltooling 1.1.1
Internet2 Xmltooling 1.2.0
Internet2 Xmltooling 1.2.1
Internet2 Shibboleth-sp 2.0
Internet2 Shibboleth-sp 2.1
Internet2 Shibboleth-sp 2.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started