6 matches found
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : Ruby SAML vulnerabilities (USN-7309-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7309-1 advisory. It was discovered that Ruby SAML did not properly validate SAML responses. An unauthenticated...
CVE-2016-5697
Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors...
UBUNTU-CVE-2016-5697
Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors...
CVE-2016-5697
Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors...
CVE-2016-5697
CVE-2016-5697 concerns the Ruby-saml library before version 1.3.0, where improper handling of SAML signatures allows XML signature wrapping attacks via unspecified vectors. The vulnerability can enable an unauthenticated attacker to impersonate a user by abusing how SAML responses are validated (...
FreeBSD : ruby-saml -- XML signature wrapping attack (3fcd52b2-4510-11e6-a15f-00248c0c745d)
RubySec reports: ruby-saml prior to version 1.3.0 is vulnerable to an XML signature wrapping attack in the specific scenario where there was a signature that referenced at the same time 2 elements but passed the scheme validator process since 1 of the elements was inside the encrypted assertion...