6 matches found
GHSA-PCGW-QCV5-H8CH Unsigned SAML LogoutRequest Acceptance in gosaml2
Summary The ValidateEncodedLogoutRequestPOST function in gosaml2 accepts completely unsigned SAML LogoutRequest messages even when SkipSignatureValidation is set to false. When validateElementSignature returns dsig.ErrMissingSignature, the code in decodelogoutrequest.go:60-62 silently falls throu...
EUVD-2020-27088
Malware in sbrugna...
CVE-2020-5934
On BIG-IP APM 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when multiple HTTP requests from the same client to configured SAML Single Logout SLO URL are passing through a TCP Keep-Alive connection, traffic to TMM can be disrupted...
CVE-2020-5934
On BIG-IP APM 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when multiple HTTP requests from the same client to configured SAML Single Logout SLO URL are passing through a TCP Keep-Alive connection, traffic to TMM can be disrupted...
Code injection
On BIG-IP APM 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when multiple HTTP requests from the same client to configured SAML Single Logout SLO URL are passing through a TCP Keep-Alive connection, traffic to TMM can be disrupted...
CVE-2020-5934
On BIG-IP APM 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when multiple HTTP requests from the same client to configured SAML Single Logout SLO URL are passing through a TCP Keep-Alive connection, traffic to TMM can be disrupted...