Description

Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."

Remediation

References

http://secunia.com/advisories/50994

http://shibboleth.internet2.edu/secadv/secadv_20110725.txt

http://www.debian.org/security/2011/dsa-2284

http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html

Related Vulnerabilities

CVE-2016-2164 Vulnerability in maven package org.apache.openmeetings:openmeetings-server

CVE-2023-35931 Vulnerability in npm package shescape

CVE-2019-10447 Vulnerability in maven package io.jenkins.plugins:sofy-ai

CVE-2023-34462 Vulnerability in maven package io.netty:netty-handler

CVE-2022-36905 Vulnerability in maven package eu.markov.jenkins.plugin.mvnmeta:maven-metadata-plugin

Severity

Critical

Classification

CWE-287

Tags

Vendor Advisory