214 matches found
CVE-2011-2516
Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service crash via a signature using a large RSA key, which triggers a buffer overflow...
CVE-2011-2516
Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service crash via a signature using a large RSA key, which triggers a buffer overflow...
Buffer overflow
Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service crash via a signature using a large RSA key, which triggers a buffer overflow...
CVE-2011-2516
CVE-2011-2516 affects xml-security-c (XML Digital Signature for C++). The off-by-one/buffer overflow vulnerability occurs in the XML signature verification/signing path when using very large RSA keys (notably 8192+ bits), potentially crashing applications or, per Debian advisory, allowing arbitra...
CVE-2011-2516
Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service crash via a signature using a large RSA key, which triggers a buffer overflow...
PT-2011-3910 · Apache +1 · Apache Xml Security For C++ +1
Name of the Vulnerable Software and Affected Versions: Apache XML Security for C++ version 1.6.0 Shibboleth versions prior to 2.4.3 Description: The issue is caused by an off-by-one error in the XML signature feature, which can be exploited by remote attackers to cause a denial of service crash v...
Security Advisory: CVE-2011-2516
Please be advised that a security issue affecting the Apache XML Security Library for C++ has been identified and an updated version released to address the issue. The full text of the advisory is below, and a signed version can be found at: http://santuario.apache.org/secadv/CVE-2011-2516.txt --...
Apache XML-RPC信息泄露漏洞
Apache XML-RPC是一种Java语言的XML-RPC协议实现。 Apache XML-RPC的实现上存在设计问题,远程攻击者可能利用来从服务端获取敏感信息。 Apache XML-RPC的SAX解析器允许包含外部资源,恶意客户端可能利用这个机制把服务器上资源包含进来。 Apache Group Apache XML-RPC 3.x Apache Group ------------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://ws.apache.org/xmlrpc/changes-report.htmla3.1.3...
Fedora Core 11 FEDORA-2009-8157 (xml-security-c)
The remote host is missing an update to xml-security-c announced via advisory FEDORA-2009-8157. OpenVAS Vulnerability Test $Id: fcore20098157.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-8157 xml-security-c Authors: Thomas Reinke Copyright:...
Fedora Core 11 FEDORA-2009-8157 (xml-security-c)
The remote host is missing an update to xml-security-c announced via advisory FEDORA-2009-8157. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright ...
Fedora Core 10 FEDORA-2009-8121 (xml-security-c)
The remote host is missing an update to xml-security-c announced via advisory FEDORA-2009-8121. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright ...
[SECURITY] Fedora 11 Update: xml-security-c-1.5.1-1.fc11
The xml-security-c library is a C++ implementation of the XML Digital Signa ture specification. The library makes use of the Apache XML project's Xerces-C X ML Parser and Xalan-C XSLT processor. The latter is used for processing XPath and XSLT transforms...
[SECURITY] Fedora 10 Update: xml-security-c-1.5.1-1.fc10
The xml-security-c library is a C++ implementation of the XML Digital Signa ture specification. The library makes use of the Apache XML project's Xerces-C X ML Parser and Xalan-C XSLT processor. The latter is used for processing XPath and XSLT transforms...
Command Execution in Hannon Hill Cascade Server
Emory University UTS Security Advisory EMORY-2009-01 Topic: Command Execution in Hannon Hill Cascade Server Original release date: March 19, 2009 SUMMARY ======= Hannon Hill's Cascade Server product is vulnerable to a command execution vulnerability. An attacker with access to an unprivileged...