Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2023-36661HistoryJun 25, 2023 - 10:15 p.m.
CVE-2023-36661
2023-06-2522:15:21
Debian Security Bug Tracker
security-tracker.debian.org
8
shibboleth xmltooling
ssrf
vulnerability
fixed
windows
keyinfo
element
0.0004 Low
EPSS
Percentile
12.6%
Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. (This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows.)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | xmltooling | < 3.2.3-1+deb12u1 | xmltooling_3.2.3-1+deb12u1_all.deb |
| Debian | 11 | all | xmltooling | < 3.2.0-3+deb11u1 | xmltooling_3.2.0-3+deb11u1_all.deb |
| Debian | 10 | all | xmltooling | < 3.0.4-1+deb10u2 | xmltooling_3.0.4-1+deb10u2_all.deb |
| Debian | 999 | all | xmltooling | < 3.2.4-1 | xmltooling_3.2.4-1_all.deb |
| Debian | 13 | all | xmltooling | < 3.2.4-1 | xmltooling_3.2.4-1_all.deb |
Related
redhatcve
redhatcve
CVE-2023-36661
2023-07-24 23:17:09
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:3089-1)
2023-08-02 00:00:00
Debian: Security Advisory (DLA-3464-1)
2023-07-04 00:00:00
openSUSE: Security Advisory for xmltooling (SUSE-SU-2023:3089-1)
2024-03-04 00:00:00
osv
osv
xmltooling - security update
2023-06-21 00:00:00
xmltooling - security update
2023-06-18 00:00:00
xmltooling vulnerability
2023-08-03 14:45:50
prion
prion
Server side request forgery (ssrf)
2023-06-25 22:15:00
cve
cve
CVE-2023-36661
2023-06-25 22:15:21
nessus
nessus
SUSE SLES15 / openSUSE 15 Security Update : xmltooling (SUSE-SU-2023:3089-1)
2023-08-02 00:00:00
openSUSE 15 Security Update : xmltooling (SUSE-SU-2023:2766-1)
2023-07-04 00:00:00
Ubuntu 16.04 ESM : XMLTooling vulnerability (USN-6274-1)
2023-08-03 00:00:00
ubuntucve
ubuntucve
CVE-2023-36661
2023-06-25 00:00:00
ubuntu
ubuntu
XMLTooling vulnerability
2023-08-03 00:00:00
cvelist
cvelist
CVE-2023-36661
2023-06-25 00:00:00
thn
thn
Recent SSRF Flaw in Ivanti VPN Products Undergoes Mass Exploitation
2024-02-06 06:58:00
zdt
zdt
Ivanti Connect Secure Unauthenticated Remote Code Execution Exploit
2024-02-21 00:00:00
metasploit
metasploit
Ivanti Connect Secure Unauthenticated Remote Code Execution
2024-02-06 11:49:04
packetstorm
packetstorm
Ivanti Connect Secure Unauthenticated Remote Code Execution
2024-02-21 00:00:00
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up 02/23/2024
2024-02-23 17:50:39