Summary
This host has Shibboleth installed and is prone to a denial-of-service vulnerability.
Impact
Successful exploitation could allow remote attackers to cause the application to crash, resulting in denial-of-service conditions.
Impact Level: Application
Solution
Upgrade to Shibboleth version 2.4.3 or later.
For updates, refer to http://shibboleth.internet2.edu/downloads.html
Insight
The flaw is due to an off-by-one error in the XML signature feature in Apache XML Security. It allows remote attackers to cause a denial of service via a signature using a large RSA key, which triggers a buffer overflow.
Affected
Shibboleth versions prior to 2.4.3
Severity
CVSS Base Score: 5.0
CVSS Base Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Classification
CVE: CVE-2011-2516