CVE-2011-2516

Published: 11/07/2011 Updated: 13/02/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth prior to 2.4.3 and possibly other products, allows remote malicious users to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.

Vulnerable Product

apache xml security for c++ 1.6.0

shibboleth shibboleth-sp 1.3.2

shibboleth shibboleth-sp 1.3.3

shibboleth shibboleth-sp

shibboleth shibboleth-sp 2.4.1

shibboleth shibboleth-sp 1.3.4

shibboleth shibboleth-sp 2.2

shibboleth shibboleth-sp 2.1

shibboleth shibboleth-sp 1.3f

shibboleth shibboleth-sp 2.0

shibboleth shibboleth-sp 2.4

shibboleth shibboleth-sp 2.2.1

shibboleth shibboleth-sp 2.3.1

shibboleth shibboleth-sp 2.3

shibboleth shibboleth-sp 1.3.1

shibboleth shibboleth-sp 1.3.5

Vendor Advisories

Debian Bug report logs - #632973
xml-security-c: CVE-2011-2516: buffer overflows signing or verifying with large keys
Package: xml-security-c; Maintainer for xml-security-c is Debian Shib Team <pkg-shibboleth-devel@lists.alioth.debian.org>; Reported by: Dominic Hargreaves <dom@earth.li>; Date: Thu, 7 Jul 2011 14:15:01 ...