Description

Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."

Remediation

References

http://secunia.com/advisories/50994

http://shibboleth.internet2.edu/secadv/secadv_20110725.txt

http://www.debian.org/security/2011/dsa-2284

http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html

Related Vulnerabilities

CVE-2023-46233 Vulnerability in maven package org.webjars.bowergithub.brix:crypto-js

CVE-2022-45391 Vulnerability in maven package io.jenkins.plugins:cavisson-ns-nd-integration

CVE-2020-2249 Vulnerability in maven package org.jenkins-ci.plugins:tfs

CVE-2014-0035 Vulnerability in maven package org.apache.cxf:cxf-rt-ws-security

CVE-2015-5254 Vulnerability in maven package org.apache.activemq:activemq-core

Severity

Critical

Classification

CWE-287

Tags

Vendor Advisory