OpenSAML XML Signature Wrapping Security Vulnerability Network Vulnerability

Summary

OpenSAML is prone to a security vulnerability involving XML signature wrapping. Successful exploits may allow unauthenticated attackers to construct specially crafted messages that can be successfully verified and contain arbitrary content. This may aid in further attacks.

Solution

Updates are available. Please see the references for more information.

References

http://www-01.ibm.com/support/docview.wss?uid=swg27014463
http://www.securityfocus.com/bid/48890
https://spaces.internet2.edu/display/OpenSAML/Home/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1411
CVSS Base Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

Related Vulnerabilities

Boa Webserver Terminal Escape Sequence in Logs Command Injection Vulnerability
CommuniGate Pro Web Mail URI Parsing HTML Injection Vulnerability
Cherokee Terminal Escape Sequence in Logs Command Injection Vulnerability
Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
Cherokee URI Directory Traversal Vulnerability and Information Disclosure Vulnerability

Take action and discover your vulnerabilities