39 matches found
EUVD-2022-2952
Malicious code in bioql PyPI...
EUVD-2022-5302
Malicious code in bioql PyPI...
SUSE CVE-2014-3603
The 1 HttpResource and 2 FileBackedHttpResource implementations in Shibboleth Identity Provider IdP before 2.4.1 and OpenSAML Java 2.6.2 do not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...
SUSE CVE-2015-1796
The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java OpenSAML-J before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity via a certificate issued by a...
Improper Validation of Certificate with Host Mismatch in Shibboleth Identity Provider and OpenSAML Java
The 1 HttpResource and 2 FileBackedHttpResource implementations in Shibboleth Identity Provider IdP before 2.4.1 and OpenSAML Java 2.6.2 do not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...
GHSA-RM7V-GQFG-P2WC Improper Validation of Certificate with Host Mismatch in Shibboleth Identity Provider and OpenSAML Java
The 1 HttpResource and 2 FileBackedHttpResource implementations in Shibboleth Identity Provider IdP before 2.4.1 and OpenSAML Java 2.6.2 do not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...
GHSA-V723-58JV-2QC4 Exposure of Sensitive Information to an Unauthorized Actor in OpenSAML
The 1 BasicParserPool, 2 StaticBasicParserPool, 3 XML Decrypter, and 4 SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote attackers to conduct XML external entity XXE attacks via a crafted XML DOCTYPE declaration...
Security Bulletin: Man in the middle vulnerability CVE-2014-3603 affects Websphere Liberty and OpenLiberty used by MobileFirst Platform Foundation
Summary IBM MobileFirst Platform Foundation has addressed the following vulnerability.Man in the middle vulnerability CVE-2014-3603 affects Websphere Liberty and OpenLiberty Vulnerability Details CVEID: CVE-2014-3603 DESCRIPTION: Shibboleth Identity Provider IdP and OpenSAML Java could allow a...
Security Bulletin: Vulnerabilities in Websphere Liberty and OpenLiberty
Summary There are vulnerabilities in Websphere Liberty used by IBM Streams. IBM Streams has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2014-3603 DESCRIPTION: The 1 HttpResource and 2 FileBackedHttpResource implementations in Shibboleth Identity Provider IdP before 2.4.1 and...
Security Bulletin: Rational Asset Analyzer (RAA) is affected by a WAS vulnerability.
Summary Rational Asset Analyzer RAA has addressed the following vulnerability in WAS. Vulnerability Details CVEID: CVE-2014-3603 DESCRIPTION: The 1 HttpResource and 2 FileBackedHttpResource implementations in Shibboleth Identity Provider IdP before 2.4.1 and OpenSAML Java 2.6.2 do not verify that...
CVE-2014-3603
The 1 HttpResource and 2 FileBackedHttpResource implementations in Shibboleth Identity Provider IdP before 2.4.1 and OpenSAML Java 2.6.2 do not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...
CVE-2014-3603
The 1 HttpResource and 2 FileBackedHttpResource implementations in Shibboleth Identity Provider IdP before 2.4.1 and OpenSAML Java 2.6.2 do not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...
Code injection
The 1 HttpResource and 2 FileBackedHttpResource implementations in Shibboleth Identity Provider IdP before 2.4.1 and OpenSAML Java 2.6.2 do not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...
CVE-2014-3603
The 1 HttpResource and 2 FileBackedHttpResource implementations in Shibboleth Identity Provider IdP before 2.4.1 and OpenSAML Java 2.6.2 do not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...
CVE-2014-3603
CVE-2014-3603 involves improper hostname verification in Shibboleth IdP (HttpResource/FileBackedHttpResource) and OpenSAML Java 2.6.2, allowing MITM spoofing of SSL with arbitrary valid certs. IBM/Liberty-focused advisories confirm affected products and versions: Liberty for Java 3.37 and earlier...
BSA-2017-470
Security Advisory ID : BSA-2017-470 Component : Expand Entity References Revision : 1.0: Interim The 1 BasicParserPool, 2 StaticBasicParserPool, 3 XML Decrypter, and 4 SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote...
Fedora 21 : opensaml-java-2.5.3-9.fc21 / opensaml-java-openws-1.5.5-2.fc21 (2015-10175)
OpenSAML Java: HTTPS Connections Via HTTP Resources Do Not Perform Hostname Verification Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...
Fedora 22 : opensaml-java-2.5.3-9.fc22 / opensaml-java-openws-1.5.5-2.fc22 (2015-10235)
OpenSAML Java: HTTPS Connections Via HTTP Resources Do Not Perform Hostname Verification Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...
Fedora Update for opensaml-java FEDORA-2015-10175
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for opensaml-java-openws FEDORA-2015-10175
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...