5 matches found
CVE-2016-5697
Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors...
UBUNTU-CVE-2016-5697
Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors...
CVE-2016-5697
CVE-2016-5697 concerns the Ruby-saml library before version 1.3.0, where improper handling of SAML signatures allows XML signature wrapping attacks via unspecified vectors. The vulnerability can enable an unauthenticated attacker to impersonate a user by abusing how SAML responses are validated (...
CVE-2016-5697
Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors...
FreeBSD : ruby-saml -- XML signature wrapping attack (3fcd52b2-4510-11e6-a15f-00248c0c745d)
RubySec reports : ruby-saml prior to version 1.3.0 is vulnerable to an XML signature wrapping attack in the specific scenario where there was a signature that referenced at the same time 2 elements but past the scheme validator process since 1 of the element was inside the encrypted assertion...