Description

Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."

Remediation

References

http://secunia.com/advisories/50994

http://shibboleth.internet2.edu/secadv/secadv_20110725.txt

http://www.debian.org/security/2011/dsa-2284

http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html

Related Vulnerabilities

CVE-2023-25499 Vulnerability in maven package com.vaadin:flow-server

CVE-2021-46363 Vulnerability in maven package info.magnolia:magnolia-core

CVE-2023-33246 Vulnerability in maven package org.apache.rocketmq:rocketmq-namesrv

CVE-2020-2209 Vulnerability in maven package org.jenkins-ci.plugins:testcomplete

CVE-2020-1942 Vulnerability in maven package org.apache.nifi:nifi-security-utils

Severity

Critical

Classification

CWE-287

Tags

Vendor Advisory