Description
Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
Remediation
References
http://secunia.com/advisories/50994
http://shibboleth.internet2.edu/secadv/secadv_20110725.txt
http://www.debian.org/security/2011/dsa-2284
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html