
CVE-2009-3474

Published: 29/09/2009 Updated: 17/08/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

OpenSAML 2.x prior to 2.2.1 and XMLTooling 1.x prior to 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x prior to 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote malicious users to use a certificate for both signing and encryption when it is designated for just one purpose, potentially weakening the intended security application of the certificate.
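The check the summary says was missing, as an added example (not code from OpenSAML, XMLTooling or Shibboleth): key selection from SAML 2.0 metadata that honors the KeyDescriptor `use` attribute, next to a selector that ignores it. The function names, entity ID and certificate placeholders are constructed for illustration. In the SAML metadata schema the attribute is `use`, its values are `signing` and `encryption`, and a KeyDescriptor without it applies to both purposes.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
PURPOSES = ("signing", "encryption")

# Constructed sample metadata; the certificate bodies are placeholders, not real keys.
SAMPLE_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.org/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>SIGNING-CERT</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>ENCRYPTION-CERT</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>DUAL-USE-CERT</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""

def _descriptors(metadata_xml):
    """Yield (use, certificate) for each KeyDescriptor, in document order."""
    root = ET.fromstring(metadata_xml)  # sample is trusted; harden parsing for real input
    for kd in root.iter("{%s}KeyDescriptor" % NS["md"]):
        cert = kd.find(".//ds:X509Certificate", NS)
        if cert is not None and cert.text:
            yield kd.get("use"), "".join(cert.text.split())

def keys_ignoring_use(metadata_xml):
    """The behaviour the summary describes: any key is accepted for any purpose."""
    return [cert for _, cert in _descriptors(metadata_xml)]

def keys_for(metadata_xml, purpose):
    """Return only certificates whose KeyDescriptor permits `purpose`."""
    if purpose not in PURPOSES:
        raise ValueError("purpose must be 'signing' or 'encryption'")
    selected = []
    for use, cert in _descriptors(metadata_xml):
        if use is None or use == purpose:   # absent use = valid for both
            selected.append(cert)
        elif use not in PURPOSES:           # fail closed on an unknown value
            raise ValueError("unexpected KeyDescriptor use: %r" % use)
    return selected
```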

Vulnerable Product

internet2 opensaml 2.1.0

internet2 xmltooling 1.2.0

internet2 opensaml 2.2.0

internet2 opensaml 2.0

internet2 xmltooling 1.0.1

internet2 xmltooling 1.1.0

internet2 xmltooling 1.1.1

internet2 shibboleth-sp 2.2

internet2 shibboleth-sp 2.1

internet2 shibboleth-sp 1.3.1

internet2 shibboleth-sp 2.0

internet2 shibboleth-sp 1.3f

internet2 shibboleth-sp 1.3b

internet2 shibboleth-sp 1.3.2