3772 matches found
CVE-2011-1386
IBM Tivoli Federated Identity Manager TFIM and Tivoli Federated Identity Manager Business Gateway TFIMBG 6.1.1, 6.2.0, and 6.2.1 do not properly handle signature validations based on SAML 1.0, 1.1, and 2.0, which allows remote attackers to bypass intended authentication or authorization...
CVE-2011-1386
The CVE concerns IBM Tivoli Federated Identity Manager (TFIM) and TFIMBG versions 6.1.1, 6.2.0, and 6.2.1, where signature validation for SAML 1.0/1.1/2.0 is not performed correctly. This allows remote attackers to bypass authentication or authorization by submitting a non-conforming SAML signatu...
[SECURITY] Fedora 15 Update: opensaml-2.3-4.fc15
OpenSAML is an open source implementation of the OASIS Security Assertion Markup Language Specification. It contains a set of open source C++ classes that support the SAML 1.0, 1.1, and 2.0 specifications...
CVE-2008-7299
IBM Tivoli Federated Identity Manager TFIM 6.2.0 before 6.2.0.2 uses an incomplete SAML 1.x browser-artifact, which allows remote OpenID providers to spoof assertions via vectors related to the Issuer field...
Design/Logic Flaw
IBM Tivoli Federated Identity Manager TFIM 6.2.0 before 6.2.0.2 uses an incomplete SAML 1.x browser-artifact, which allows remote OpenID providers to spoof assertions via vectors related to the Issuer field...
CVE-2008-7299
IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 is vulnerable to a spoofing issue in its SAML 1.x browser-artifact handling. The root cause is an incomplete browser-artifact mechanism that enables remote OpenID providers to spoof assertions via the Issuer field, affecting TFIM versions prior t...
CVE-2008-7299
IBM Tivoli Federated Identity Manager TFIM 6.2.0 before 6.2.0.2 uses an incomplete SAML 1.x browser-artifact, which allows remote OpenID providers to spoof assertions via vectors related to the Issuer field...
Fedora 13 : php-pear-CAS-1.1.2-1.fc13 (2010-12258)
Security fixes Fix a session hijacking hole CVE-2010-2795 PHPCAS-61 callbackurl in proxy mode should be urlencoded, possible XSS CVE-2010-2796 PHPCAS-67 Bug fixes Fix warnings for SAML responses without attributes PHPCAS-59 Fix duplicate SAML debug output PHPCAS-64 Providing a new ST/PT/SA during...
Fedora 12 : php-pear-CAS-1.1.2-1.fc12 (2010-12247)
Security fixes Fix a session hijacking hole CVE-2010-2795 PHPCAS-61 callbackurl in proxy mode should be urlencoded, possible XSS CVE-2010-2796 PHPCAS-67 Bug fixes Fix warnings for SAML responses without attributes PHPCAS-59 Fix duplicate SAML debug output PHPCAS-64 Providing a new ST/PT/SA during...
Debian DSA-1896-1 : opensaml, shibboleth-sp - several vulnerabilities
Several vulnerabilities have been discovered in the opensaml and shibboleth-sp packages, as used by Shibboleth 1.x : - Chris Ries discovered that decoding a crafted URL leads to a crash and potentially, arbitrary code execution. - Ian Young discovered that embedded NUL characters in certificate...
Debian DSA-1895-1 : xmltooling - several vulnerabilities
Several vulnerabilities have been discovered in the xmltooling packages, as used by Shibboleth : - Chris Ries discovered that decoding a crafted URL leads to a crash and potentially, arbitrary code execution. - Ian Young discovered that embedded NUL characters in certificate names were not...
Debian: Security Advisory (DSA-1895-2)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 1895-2] New opensaml2 and shibboleth-sp2 packages fix regression
------------------------------------------------------------------------ Debian Security Advisory DSA-1895-2 [email protected] http://www.debian.org/security/ Florian Weimer October 09, 2009 http://www.debian.org/security/faq -...
DSA-1895-2 opensaml2, shibboleth-sp2 - interpretation conflict
Bulletin has no description...
Debian Security Advisory DSA 1896-1 (opensaml, shibboleth-sp)
The remote host is missing an update to opensaml, shibboleth-sp announced via advisory DSA 1896-1. OpenVAS Vulnerability Test $Id: deb18961.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1896-1 opensaml, shibboleth-sp Authors: Thomas Reinke Copyright:...
[SECURITY] [DSA 1896-1] New Shibboleth 1.x packages fix potential code execution
------------------------------------------------------------------------ Debian Security Advisory DSA-1896-1 [email protected] http://www.debian.org/security/ Florian Weimer September 28, 2009 http://www.debian.org/security/faq -...
[SECURITY] [DSA 1896-1] New Shibboleth 1.x packages fix potential code execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1896-1 [email protected] http://www.debian.org/security/ Florian Weimer September 28, 2009 http://www.debian.org/security/faq -...
[SECURITY] [DSA 1895-1] New xmltooling packages fix potential code execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1895-1 [email protected] http://www.debian.org/security/ Florian Weimer September 24, 2009 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 1895-1 (xmltooling)
The remote host is missing an update to xmltooling announced via advisory DSA 1895-1. OpenVAS Vulnerability Test $Id: deb18951.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1895-1 xmltooling Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...
DSA-1896-1 opensaml shibboleth-sp - potential code execution
Bulletin has no description...