Description
Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
Remediation
References
http://secunia.com/advisories/50994
http://shibboleth.internet2.edu/secadv/secadv_20110725.txt
http://www.debian.org/security/2011/dsa-2284
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html