Description
Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
Remediation
References
http://secunia.com/advisories/50994
http://shibboleth.internet2.edu/secadv/secadv_20110725.txt
http://www.debian.org/security/2011/dsa-2284
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
Related Vulnerabilities
CVE-2023-25499 Vulnerability in maven package com.vaadin:flow-server
CVE-2021-46363 Vulnerability in maven package info.magnolia:magnolia-core
CVE-2023-33246 Vulnerability in maven package org.apache.rocketmq:rocketmq-namesrv
CVE-2020-2209 Vulnerability in maven package org.jenkins-ci.plugins:testcomplete
CVE-2020-1942 Vulnerability in maven package org.apache.nifi:nifi-security-utils