Description
Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
Remediation
References
http://shibboleth.internet2.edu/secadv/secadv_20110725.txt
http://www.debian.org/security/2011/dsa-2284
http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
http://secunia.com/advisories/50994
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
Related Vulnerabilities
CVE-2023-30524 Vulnerability in maven package org.jenkins-ci.plugins:reportportal
CVE-2019-10371 Vulnerability in maven package org.jenkins-ci.plugins:gitlab-oauth
CVE-2020-25633 Vulnerability in maven package org.jboss.resteasy:resteasy-client
CVE-2012-0213 Vulnerability in maven package org.apache.poi:poi-scratchpad