Shibboleth Service Provider 3.x prior to 3.2.2 is prone to a NULL pointer dereference flaw involving the session recovery feature. The flaw is exploitable (for a daemon crash) on systems not using this feature if a crafted cookie is supplied.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
shibboleth service provider |