3794 matches found
CA20130319-01: Security Notice for SiteMinder products using SAML
-----BEGIN PGP SIGNED MESSAGE----- CA20130319-01: Security Notice for SiteMinder products using SAML Issued: March 19, 2013 CA Technologies support is alerting customers to a potential risk with certain CA SiteMinder products that implement Security Assertion Markup Language SAML. Multiple...
CA SiteMinder privilege escalation
Invalid SAML signature verification...
CVE-2013-2279
CA SiteMinder Federation FSS 12.5, 12.0, and r6; Federation Standalone 12.1 and 12.0; Agent for SharePoint 2010; and SiteMinder for Secure Proxy Server 6.0, 12.0, and 12.5 does not properly verify XML signatures for SAML statements, which allows remote attackers to spoof other users and gain...
Code injection
CA SiteMinder Federation FSS 12.5, 12.0, and r6; Federation Standalone 12.1 and 12.0; Agent for SharePoint 2010; and SiteMinder for Secure Proxy Server 6.0, 12.0, and 12.5 does not properly verify XML signatures for SAML statements, which allows remote attackers to spoof other users and gain...
CVE-2013-2279
CA SiteMinder Federation FSS 12.5, 12.0, and r6; Federation Standalone 12.1 and 12.0; Agent for SharePoint 2010; and SiteMinder for Secure Proxy Server 6.0, 12.0, and 12.5 does not properly verify XML signatures for SAML statements, which allows remote attackers to spoof other users and gain...
CVE-2013-2279
The CVE-2013-2279 issue affects CA SiteMinder Federation (FSS) 12.5/12.0 and r6, Federation Standalone 12.1/12.0, Agent for SharePoint 2010, and SiteMinder for Secure Proxy Server (6.0/12.0/12.5). Root cause: inadequate verification of XML signatures in SAML statements, enabling remote attackers ...
CVE-2012-6426
LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data...
CVE-2012-6426
LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data...
DEBIAN-CVE-2012-6426
LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data...
CVE-2012-6426
LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data...
UBUNTU-CVE-2012-6426
LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data...
Information disclosure
LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data...
CVE-2012-6426
LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data...
CVE-2012-6426
LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data...
CVE-2012-6426
CVE-2012-6426 affects LemonLDAP::NG prior to 1.2.3. The issue is that it does not use the Lasso library’s signature-verification capability, enabling remote attackers to bypass access-control restrictions through crafted SAML data. The description in connected records confirms the root cause and ...
CVE-2012-5353
Eduserv OpenAthens SP 2.0 for Java allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack."...
CVE-2012-5351
Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418...
Authentication flaw
Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418...
Authentication flaw
Java Open Single Sign-On Project Home JOSSO allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack."...
Authentication flaw
Eduserv OpenAthens SP 2.0 for Java allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack."...