OpenSAML XML Signature Wrapping Security Vulnerability Network Vulnerability

Summary

OpenSAML is prone to a security vulnerability involving XML signature wrapping. Successful exploits may allow unauthenticated attackers to construct specially crafted messages that can be successfully verified and contain arbitrary content. This may aid in further attacks.

Solution

Updates are available. Please see the references for more information.

References

http://www-01.ibm.com/support/docview.wss?uid=swg27014463
http://www.securityfocus.com/bid/48890
https://spaces.internet2.edu/display/OpenSAML/Home/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1411

CVSS	Base Score: 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N

Related Vulnerabilities

Check for IIS .cnf file leakage
IBM WebSphere Application Multiple Vulnerabilities Jul-11
Apache Tomcat Multiple Security Bypass Vulnerabilities (Windows)
Acritum Femitter Server URI Directory Traversal Vulnerability
IBM WebSphere Application Server Administration Console DoS vulnerability

Take action and discover your vulnerabilities