16 matches found
PT-2024-25995 · W3C · Xml Signature Syntax/Processing
The W3C XML Signature Syntax and Processing (XMLDsig) specification, starting with 1.0, was originally published with a "RetrievalMethod is a URI ... that may be used to obtain key and/or certificate information" statement and no accompanying information about SSRF risks, and this may have...
openSUSE: Security Advisory for xmltooling (SUSE-SU-2023:3089-1)
The remote host is missing an update for the...
Ivanti Connect Secure Unauthenticated Remote Code Execution Exploit
This Metasploit module chains a server side request forgery (SSRF) vulnerability (CVE-2024-21893) and a command injection vulnerability (CVE-2024-21887) to exploit vulnerable instances of either Ivanti Connect Secure or Ivanti Policy Secure, to achieve unauthenticated remote code execution. All current...
CVE-2023-36661
creationtimestamp | type | source
---|---|---
2024-02-20 23:56:50+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/ivanticonnectsecurercecve202421893.rb
2024-03-18 16:03:48+00:00 | seen | MISP/b832113b-e603-406a-ba62-aae9ba13b1b4
2025-02-06...
SUSE SLES15: libxmltooling-devel / libxmltooling-lite9 / libxmltooling9 / etc (SUSE-SU-2023:3089-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3089-1 advisory. - CVE-2023-36661: Fix server-side request forgery vulnerability bsc1212359 Tenable has extracted the preceding description blo...
SUSE: Security Advisory (SUSE-SU-2023:3089-1)
The remote host is missing an update for the...
SUSE-SU-2023:3089-1 Security update for xmltooling
This update for xmltooling fixes the following issues: - CVE-2023-36661: Fix server-side request forgery vulnerability bsc1212359...
SUSE SLES12 Security Update : xmltooling (SUSE-SU-2023:2975-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2975-1 advisory. - CVE-2023-36661: Fixed a server-side-request-forgery (SSRF) vulnerability bsc1212359. Tenable has extracted the preceding description block...
SUSE: Security Advisory (SUSE-SU-2023:2975-1)
The remote host is missing an update for the...
openSUSE 15 Security Update : xmltooling (SUSE-SU-2023:2766-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:2766-1 advisory. - CVE-2023-36661: Fixed a server-side-request-forgery (SSRF) vulnerability bsc1212359. Tenable has extracted the preceding description block directly from the...
Debian: Security Advisory (DLA-3464-1)
The remote host is missing an update for the Debian...
SUSE CVE-2023-36661
Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows...
CVE-2023-36661
Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows...
CVE-2023-36661
Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows...
CVE-2023-36661
Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows...
CVE-2023-36661
CVE-2023-36661 affects Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider. The underlying issue is a server-side request forgery (SSRF) via a crafted KeyInfo element in XML signatures. This yields unauthenticated SSRF risk with impact on availability (per CVE ...