6 matches found
Astra Linux – Vulnerability in xmltooling
Shibboleth XMLTooling before version 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allowed SSRF through a specially crafted KeyInfo element. This issue has been fixed, for example, in Shibboleth Service Provider 3.4.1.3 on Windows...
UBUNTU-CVE-2023-36661
Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows...
DEBIAN-CVE-2019-9628
The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected...
Shibboleth OpenSAML-C and Shibboleth Service Provider XMLTooling-C Numeric Error Vulnerabilities
Shibboleth OpenSAML-C and Shibboleth Service Provider SP are both products of Shibboleth, a British company. OpenSAML-C is an open source library for implementing SAML Security Assertion Markup Language written in C. Shibboleth is an open source web single sign-on system based on the SAML protoco...
DEBIAN-CVE-2015-0851
XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider SP, does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service crash via schema-invalid XML data...
UBUNTU-CVE-2015-0851
XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider SP, does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service crash via schema-invalid XML data...