Description

Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."

Remediation

References

http://shibboleth.internet2.edu/secadv/secadv_20110725.txt

http://www.debian.org/security/2011/dsa-2284

http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html

http://secunia.com/advisories/50994

http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

Related Vulnerabilities

CVE-2023-46650 Vulnerability in maven package com.coravy.hudson.plugins.github:github

CVE-2023-29506 Vulnerability in maven package org.xwiki.platform:xwiki-platform-security-authentication-default

CVE-2019-10374 Vulnerability in maven package org.jenkins-ci.plugins:pegdown-formatter

CVE-2019-1003099 Vulnerability in maven package org.jenkins-ci.plugins:openid

CVE-2019-0231 Vulnerability in maven package org.apache.mina:mina-core

Severity

Critical

Classification

CWE-287

Tags

Vendor Advisory