Lucene search
GoogleOSV:GHSA-36P7-XJW8-H6F2HistoryAug 21, 2018 - 5:08 p.m.
Ruby-saml allows attackers to perform XML signature wrapping attacks
2018-08-2117:08:30
Google
osv.dev
4
0.001 Low
EPSS
Percentile
36.5%
ruby-saml prior to version 1.3.0 is vulnerable to an XML signature wrapping attack in the specific scenario where there was a signature that referenced at the same time 2 elements (but past the scheme validator process since 1 of the element was inside the encrypted assertion).
ruby-saml users must update to 1.3.0, which implements 3 extra validations to mitigate this kind of attack.
Related
ubuntucve
ubuntucve
CVE-2016-5697
2017-01-23 00:00:00
nessus
nessus
freebsd
freebsd
ruby-saml -- XML signature wrapping attack
2016-06-24 00:00:00
cve
cve
CVE-2016-5697
2017-01-23 21:59:01
prion
prion
Design/Logic Flaw
2017-01-23 21:59:00
osv
osv
CVE-2016-5697
2017-01-23 21:59:01
nvd
nvd
CVE-2016-5697
2017-01-23 21:59:01
github
github
Ruby-saml allows attackers to perform XML signature wrapping attacks
2018-08-21 17:08:30
debiancve
debiancve
CVE-2016-5697
2017-01-23 21:59:01
cvelist
cvelist
CVE-2016-5697
2017-01-23 21:00:00