23 matches found
EUVD-2009-3457
Malware in sbrugna...
Security Bulletin: IBM Sterling Connect:Direct Web Services is uses xmltooling-1.4.4.jar, which contains a vulnerability
Summary IBM Sterling Connect:Direct Web Services uses Shibboleth Identity Provider, which could allow a remote attacker to bypass security restrictions. It's caused by an error in the PKIX trust component. Vulnerability Details CVEID:CVE-2015-1796 DESCRIPTION: Shibboleth Identity Provider could...
Security Bulletin: IBM Resilient SOAR is using opensaml-2.6.4.jar that could be vulnerable to bypass security restrictions (CVE-2015-1796)
Summary opensaml-2.6.4.jar vulnerable to CVE-2015-1796, Shibboleth Identity Provider could allow a remote attacker to bypass security restrictions, caused by an error in the PKIX trust component. An attacker could exploit this vulnerability using a certificate issued by the shibmd:KeyAuthority...
CVE-2015-1796
The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java OpenSAML-J before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity via a certificate issued by a...
Design/Logic Flaw
The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java OpenSAML-J before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity via a certificate issued by a...
CVE-2015-1796
The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java OpenSAML-J before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity via a certificate issued by a...
CVE-2015-1796
The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java OpenSAML-J before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity via a certificate issued by a...
Java: PKIX Trust Engines Exhibit Critical Flaw In Trusted Names Evaluation
It was found that PKIX trust components allowed an X.509 credential to be trusted if no trusted names were available for the entityID. An attacker could use a certificate issued by a shibmd:KeyAuthority trust anchor to impersonate an entity within the scope of that keyAuthority...
Debian DSA-1896-1 : opensaml, shibboleth-sp - several vulnerabilities
Several vulnerabilities have been discovered in the opensaml and shibboleth-sp packages, as used by Shibboleth 1.x : - Chris Ries discovered that decoding a crafted URL leads to a crash and potentially, arbitrary code execution. - Ian Young discovered that embedded NUL characters in certificate...
Debian DSA-1895-1 : xmltooling - several vulnerabilities
Several vulnerabilities have been discovered in the xmltooling packages, as used by Shibboleth : - Chris Ries discovered that decoding a crafted URL leads to a crash and potentially, arbitrary code execution. - Ian Young discovered that embedded NUL characters in certificate names were not...
Shibboleth Service Provider NULL Character Spoofing Vulnerability - Windows
Shibboleth Service Provider is prone to a NULL character spoofing vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Shibboleth Service Provider NULL Character Spoofing Vulnerability (Windows)
The host has Shibboleth Service Provider installed and is prone to NULL Character Spoofing vulnerability. OpenVAS Vulnerability Test $Id: gbshibbolethspnullcharspoofingvulnwin.nasl 4869 2016-12-29 11:01:45Z teissa $ Shibboleth Service Provider NULL Character Spoofing Vulnerability Windows Authors...
DSA-1895-2 opensaml2, shibboleth-sp2 - interpretation conflict
Bulletin has no description...
CVE-2009-3475
Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and 2.x before 2.2.1, when using PKIX trust validation, does not properly handle a '\0' character in the subject or subjectAltName fields of a certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL...
Design/Logic Flaw
Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and 2.x before 2.2.1, when using PKIX trust validation, does not properly handle a '\0' character in the subject or subjectAltName fields of a certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL...
CVE-2009-3475
Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and 2.x before 2.2.1, when using PKIX trust validation, does not properly handle a '\0' character in the subject or subjectAltName fields of a certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL...
CVE-2009-3475
Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and 2.x before 2.2.1, when using PKIX trust validation, does not properly handle a '\0' character in the subject or subjectAltName fields of a certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL...
[Backports-security-announce] Security update for opemsaml and shibboleth-sp
Russ Allbery uploaded new packages for opensaml and shibboleth-sp which fixed the following security problems: DSA-1896-1 Several vulnerabilities have been discovered in the opensaml and shibboleth-sp packages, as used by Shibboleth 1.x: Chris Ries discovered that decoding a crafted URL leads to ...
[SECURITY] [DSA 1896-1] New Shibboleth 1.x packages fix potential code execution
------------------------------------------------------------------------ Debian Security Advisory DSA-1896-1 [email protected] http://www.debian.org/security/ Florian Weimer September 28, 2009 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 1895-1 (xmltooling)
The remote host is missing an update to xmltooling announced via advisory DSA 1895-1. OpenVAS Vulnerability Test $Id: deb18951.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1895-1 xmltooling Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...