CVE-2011-1411

Published: 02/09/2011 Updated: 11/10/2013
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

Shibboleth OpenSAML library 2.4.x prior to 2.4.3 and 2.5.x prior to 2.5.1, and IdP prior to 2.3.2, allows remote malicious users to forge messages and bypass authentication via an "XML Signature wrapping attack."

Vulnerable Product

shibboleth opensaml 2.4.0

shibboleth opensaml 2.4.1

shibboleth opensaml 2.4.2

shibboleth opensaml 2.5.0

shibboleth shibboleth-identity-provider 2.2.0

shibboleth shibboleth-identity-provider 2.1.5

shibboleth shibboleth-identity-provider 2.1.4

shibboleth shibboleth-identity-provider 2.1.3

shibboleth shibboleth-identity-provider 2.3.0

shibboleth shibboleth-identity-provider 2.2.1

shibboleth shibboleth-identity-provider 2.1.0

shibboleth shibboleth-identity-provider 2.0.0

shibboleth shibboleth-identity-provider

shibboleth shibboleth-identity-provider 2.1.2

shibboleth shibboleth-identity-provider 2.1.1

Vendor Advisories

Juraj Somorovsky, Andreas Mayer, Meiko Jensen, Florian Kohlar, Marco Kampmann and Joerg Schwenk discovered that Shibboleth, a federated web single sign-on system, is vulnerable to XML signature wrapping attacks. More details can be found in the Shibboleth advisory. For the oldstable distribution (lenny), this problem has been fixed in version 20-2+ ...