Summary
OpenSAML is prone to a security vulnerability involving XML signature wrapping.
Successful exploits may allow unauthenticated attackers to construct specially crafted messages that can be successfully verified and contain arbitrary content. This may aid in further attacks.
Solution
Updates are available. Please see the references for more information.
References
Severity
Classification
- CVE: CVE-2011-1411
- CVSS Base Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)