195 matches found
CVE-2019-9628
The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected...
CVE-2019-9628
The CVE-2019-9628 entry concerns the XMLTooling library (versions prior to V3.0.4) bundled with OpenSAML and Shibboleth SP. A parsing issue in the XML declaration causes an exception type that is not properly handled, propagating an unexpected exception. OpenSUSE/SUSE advisories explicitly link C...
CVE-2014-3603
The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4.1 and OpenSAML Java 2.6.2 do not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows...
Code injection
The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4.1 and OpenSAML Java 2.6.2 do not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows...
CVE-2014-3603
CVE-2014-3603 involves improper hostname verification in Shibboleth IdP (HttpResource/FileBackedHttpResource) and OpenSAML Java 2.6.2, allowing MITM spoofing of SSL with arbitrary valid certs. IBM/Liberty-focused advisories confirm affected products and versions: Liberty for Java 3.37 and earlier...
UBUNTU-CVE-2019-9628
The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected...
Security Bulletin: IBM Tivoli Netcool Impact is affected by open source vulnerabilities
Summary IBM Tivoli Netcool Impact has addressed the following open source vulnerabilities. Vulnerability Details CVEID: CVE-2012-5783 DESCRIPTION: Apache Commons HttpClient, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, could allow a remote attacker to...
Security Bulletin: OpenSAML XML information disclosure (CVE-2013-6440)
Summary A version of OpenSAML shipped with Cúram could allow a remote authenticated attacker to obtain sensitive information. Customers that use opensaml.jar to secure web services may be affected. Vulnerability Details CVEID: CVE-2013-6440 DESCRIPTION: OpenSAML could allow a remote authenticated...
Security Bulletin: Rational Performance Tester Open Source OpenSAML XML Information Disclosure (CVE-2013-6440)
Summary A potential security vulnerability exists in IBM Rational Performance Tester related to OpenSAML. OpenSAML could allow a remote authenticated attacker to obtain sensitive information, caused by an error when parsing XML entities. By persuading a victim to open a specially-crafted XML...
Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server in IBM Cloud
Summary There is an information disclosure due to an XML external entity (XXE) vulnerability when using the OpenSAML features in WebSphere Application Server Liberty. There is an information disclosure vulnerability and a denial of service vulnerability that affect the IBM HTTP Server used by...
Security Bulletin: Information disclosure in Liberty for Java for IBM Cloud (CVE-2017-1681, CVE-2013-6440)
Summary There is a potential information disclosure vulnerability in WebSphere Application Server. There is an information disclosure due to an XML external entity (XXE) vulnerability when using the OpenSAML features in WebSphere Application Server Liberty. Vulnerability Details CVEID: CVE-2017-168...
Security Bulletin: Information disclosure in WebSphere Application Server Liberty (CVE-2013-6440)
Summary There is an information disclosure due to an XML external entity (XXE) vulnerability when using the OpenSAML features in WebSphere Application Server Liberty. Vulnerability Details CVEID: CVE-2013-6440 DESCRIPTION: OpenSAML could allow a remote authenticated attacker to obtain sensitive...
openSUSE Security Update : opensaml (openSUSE-2017-1350)
This update for opensaml fixes the following issues: Security issue fixed: - CVE-2017-16853: Fix the DynamicMetadataProvider class to properly configure itself with the MetadataFilter plugins, to avoid possible MITM attacks (bsc#1068685). This update was imported from the SUSE:SLE-12-SP1:Update...