12 matches found
[SECURITY] Fedora 42 Update: lemonldap-ng-2.21.3-1.fc42
LemonLdap::NG is a modular Web-SSO based on Apache::Session modules. It simplifies the build of a protected area with a few changes in the application. It manages both authentication and authorization and provides headers for accounting. So you can have a full AAA protection for your web space as...
[SECURITY] Fedora 43 Update: lemonldap-ng-2.21.3-1.fc43
LemonLdap::NG is a modular Web-SSO based on Apache::Session modules. It simplifies the build of a protected area with a few changes in the application. It manages both authentication and authorization and provides headers for accounting. So you can have a full AAA protection for your web space as...
[SECURITY] Fedora 40 Update: lemonldap-ng-2.21.0-1.fc40
LemonLdap::NG is a modular Web-SSO based on Apache::Session modules. It simplifies the build of a protected area with a few changes in the application. It manages both authentication and authorization and provides headers for accounting. So you can have a full AAA protection for your web space as...
[SECURITY] Fedora 41 Update: lemonldap-ng-2.21.0-1.fc41
LemonLdap::NG is a modular Web-SSO based on Apache::Session modules. It simplifies the build of a protected area with a few changes in the application. It manages both authentication and authorization and provides headers for accounting. So you can have a full AAA protection for your web space as...
[SECURITY] Fedora 42 Update: lemonldap-ng-2.21.0-1.fc42
LemonLdap::NG is a modular Web-SSO based on Apache::Session modules. It simplifies the build of a protected area with a few changes in the application. It manages both authentication and authorization and provides headers for accounting. So you can have a full AAA protection for your web space as...
[SECURITY] Fedora 40 Update: lemonldap-ng-2.20.2-1.fc40
LemonLdap::NG is a modular Web-SSO based on Apache::Session modules. It simplifies the build of a protected area with a few changes in the application. It manages both authentication and authorization and provides headers for accounting. So you can have a full AAA protection for your web space as...
USN-4925-1: Shibboleth vulnerability
Toni Huttunen and Fraktal Oy discovered that the Shibboleth Service provider allowed content injection due to allowing attacker-controlled parameters in error or other status pages. An attacker could use this to inject malicious content...
Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability (CNVD-2019-02781)
Microsoft Windows Server 2019 and others are a series of operating systems released by Microsoft Corporation, U.S.A. Active Directory Federation Services AD FS is an Active Directory Federation Service that runs on Windows systems. The service provides Web Single Sign-On SSO technology that enabl...
Microsoft Windows Server ADFS Server-Side Request Forgery Vulnerability
Microsoft Active Directory Federation Services ADFS is an Active Directory Federation Service from Microsoft. The service provides Web Single Sign-On SSO technology, which enables authentication of a user to multiple websites or applications during a single session. A server-side request forgery...
Debian Security Advisory DSA 2284-1 (opensaml2)
The remote host is missing an update to opensaml2 announced via advisory DSA 2284-1. OpenVAS Vulnerability Test $Id: deb22841.nasl 6613 2017-07-07 12:08:40Z cfischer $ Description: Auto-generated from advisory DSA 2284-1 opensaml2 Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc...
Debian DSA-2284-1 : opensaml2 - implementation error
Juraj Somorovsky, Andreas Mayer, Meiko Jensen, Florian Kohlar, Marco Kampmann and Joerg Schwenk discovered that Shibboleth, a federated web single sign-on system is vulnerable to XML signature wrapping attacks. More details can be found in the Shibboleth advisory. %NASLMINLEVEL 70300 C Tenable...
mod_pubcookie -- cross site scripting vulnerability
Nathan Dors of the Pubcookie Project reports: Non-persistent XSS vulnerabilities were found in the Pubcookie Apache module modpubcookie and ISAPI filter. These components mishandle untrusted data when printing responses to the browser. This makes them vulnerable to carefully crafted requests...