CVE-2011-1411 Vulnerability in maven package org.opensaml:opensaml

Description

Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."

Remediation

References

http://secunia.com/advisories/50994

http://shibboleth.internet2.edu/secadv/secadv_20110725.txt

http://www.debian.org/security/2011/dsa-2284

http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html

Related Vulnerabilities

CVE-2020-13934 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2022-25179 Vulnerability in maven package org.jenkins-ci.plugins.workflow:workflow-multibranch

CVE-2021-27850 Vulnerability in maven package org.apache.tapestry:tapestry-core

CVE-2020-2125 Vulnerability in maven package ru.yandex.jenkins.plugins.debuilder:debian-package-builder

CVE-2013-4590 Vulnerability in maven package org.apache.tomcat:catalina-ant

Severity

Critical

Classification

CWE-287