CVE-2011-1411 Vulnerability in maven package org.opensaml:opensaml

Description

Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."

Remediation

References

http://secunia.com/advisories/50994

http://shibboleth.internet2.edu/secadv/secadv_20110725.txt

http://www.debian.org/security/2011/dsa-2284

http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html

Related Vulnerabilities

CVE-2024-4367 Vulnerability in maven package org.webjars.bower:pdfjs-dist

CVE-2023-25158 Vulnerability in maven package org.geotools:gt-jdbc

CVE-2014-0109 Vulnerability in maven package org.apache.cxf:cxf-bundle-minimal

CVE-2021-41084 Vulnerability in maven package org.http4s:http4s-server_3

CVE-2023-41037 Vulnerability in npm package openpgp

Severity

Critical

Classification

CWE-287