Description
Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
Remediation
References
http://secunia.com/advisories/50994
http://shibboleth.internet2.edu/secadv/secadv_20110725.txt
http://www.debian.org/security/2011/dsa-2284
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
Related Vulnerabilities
CVE-2019-17640 Vulnerability in maven package io.vertx:vertx-core
CVE-2013-2135 Vulnerability in maven package org.apache.struts.xwork:xwork-core
CVE-2017-4960 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-server
CVE-2020-2213 Vulnerability in maven package org.jenkins-ci.plugins:whitesource
CVE-2019-10412 Vulnerability in maven package com.inedo.proget:inedo-proget