CVE-2016-5697

Published: 23/01/2017 Updated: 25/01/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

Ruby-saml prior to 1.3.0 allows malicious users to perform XML signature wrapping attacks via unspecified vectors.

Vulnerable Product

onelogin ruby-saml

Vendor Advisories

Debian Bug report logs - #828076 ruby-saml: CVE-2016-5697 Package: src:ruby-saml; Maintainer for src:ruby-saml is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Fri, 24 Jun 2016 17:54:11 UTC Severity: grave Tags: fixed- ...

Github Repositories

Ruby SAML. Updating from 1.8.0 to 1.9.0: Version 1.8.0 better supports Ruby 2.4+ and JRuby 9.2.0.0. Settings initialization now has a second parameter, keep_security_settings (default: false), which saves security settings attributes that are not explicitly overridden, if set to true. Updating from 1.7.X to 1.8.0: On Version 1.8.0, creating AuthRequests/LogoutRequests/LogoutRes
