Shibboleth XML Security Signature Key Parsing Denial Of Service Vulnerability (Win) Network Vulnerability

Summary

This host is installed with Shibboleth and is prone to denial of service vulnerability.

Impact

Successful exploitation could allow remote attackers to cause the application to crash, resulting in denial-of-service conditions. Impact Level: Application

Solution

Upgrade to Shibboleth version 2.4.3 or later, For updates refer to http://shibboleth.internet2.edu/downloads.html

Insight

The flaw is due to off-by-one error in the XML signature feature in Apache XML Security, allows remote attackers to cause a denial of service via a signature using a large RSA key, which triggers a buffer overflow.

Affected

Shibboleth versions prior to 2.4.3

References

http://secunia.com/advisories/45191
http://shibboleth.internet2.edu/secadv/secadv_20110706.txt
http://xforce.iss.net/xforce/xfdb/68420

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-2516
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

ClamAV LZH File Unpacking Denial of Service Vulnerability (Linux)
ClamAV 'parseicon()' Denial Of Service Vulnerability
F-PROT Antivirus Multiple Vulnerabilities
Cogent DataHub Integer Overflow Vulnerability
Freefloat FTP Server 'ALLO' Command Remote Buffer Overflow Vulnerability

Shibboleth XML Security Signature Key Parsing Denial of Service Vulnerability (Win)

Take action and discover your vulnerabilities