5 matches found

Github Security Blog
added 2024/12/02 8:0 p.m. | 29 views

SimpleSAMLphp vulnerable to XXE in parsing SAML messages

Withdrawn Advisory: This advisory has been withdrawn because the vulnerability affects users of the SimpleSAMLphp tarball, not the SimpleSAMLphp Composer package. The underlying information about CVE-2024-52596 is still valid. Original Description: Summary: When loading an untrusted XML document, fo...

CVSS 8.8 | AI score 6.3 | EPSS 0.00985
Exploits: 0 | References: 4 | Affected Software: 1
RedhatCVE
added 2020/04/01 1:56 a.m. | 26 views

CVE-2017-2582

It was found that while parsing the SAML messages the StaxParserUtil class of Picketlink replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID fie...

CVSS 6.5 | AI score 4.6 | EPSS 0.02457
Exploits: 0 | References: 1
Cvelist
added 2018/07/26 5:0 p.m. | 38 views

CVE-2017-2582

It was found that while parsing the SAML messages the StaxParserUtil class of keycloak before 2.5.1 replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML...

CVSS 6.5 | AI score 6.5 | EPSS 0.02457
Exploits: 0 | References: 20
RedHat Linux
added 2017/11/14 8:27 p.m. | 46 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.18 security update

An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, i...

CVSS 6.5 | AI score 6.6 | EPSS 0.02457
Exploits: 0 | References: 4
RedHat Linux
added 2017/11/14 8:23 p.m. | 2 views

keycloak: SAML request parser replaces special strings with system properties

It was found that while parsing the SAML messages the StaxParserUtil class of Picketlink replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID fie...

CVSS 6.5 | AI score 6.6 | EPSS 0.02457
Exploits: 0 | References: 4