294 matches found
[SECURITY] [DLA 290-2] opensaml2 security update
Package : opensaml2 Version : 2.3-2+squeeze2 CVE ID : CVE-2015-0851 It was discovered that opensaml2, a Security Assertion Markup Language library, needed to be rebuilt against a fixed version of the xmltooling package due to its use of macros vulnerable to CVE-2015-0851 as fixed in the DSA 3321-...
[SECURITY] Fedora 22 Update: opensaml-java-2.5.3-9.fc22
OpenSAML is a set of open source C++ & Java libraries meant to support developers working with the Security Assertion Markup Language SAML. OpenSAML 2, the current version, supports SAML 1.0, 1.1, and 2.0...
[SECURITY] Fedora 21 Update: opensaml-java-2.5.3-9.fc21
OpenSAML is a set of open source C++ & Java libraries meant to support developers working with the Security Assertion Markup Language SAML. OpenSAML 2, the current version, supports SAML 1.0, 1.1, and 2.0...
Red Hat PicketLink SAML Assertion AudienceRestriction Security Bypass Vulnerability
Red Hat PicketLink a unified identity management framework for Java applications. A security bypass vulnerability exists in Red Hat PicketLink that could be exploited by an attacker to bypass security restrictions and perform unauthorized access...
Security: Wrong security context loaded when using SAML2 STS Login Module
It was found that when processing undefined security domains, the org.jboss.security.plugins.mapping.JBossMappingManager implementation would fall back to the default security domain if it was available. A user with valid credentials in the defined default domain, with a role that is valid in the...
CXF: Improper security semantics enforcement of SAML SubjectConfirmation methods
It was found that Apache WSS4J Web Services Security for Java, as used by Apache CXF with the TransportBinding, did not, by default, properly enforce all security requirements associated with SAML SubjectConfirmation methods. A remote attacker could use this flaw to perform various types of...
CXF: Improper security semantics enforcement of SAML SubjectConfirmation methods
It was found that Apache WSS4J Web Services Security for Java, as used by Apache CXF with the TransportBinding, did not, by default, properly enforce all security requirements associated with SAML SubjectConfirmation methods. A remote attacker could use this flaw to perform various types of...
Unspecified Vulnerability in Oracle OpenSSO SAML Subpart (CNVD-2015-00552)
OpenSSO project is an open source implementation of SSO Single Sign-On for Web applications deployed on different Web or different servers to provide centralized authentication capabilities . Oracle OpenSSO SAML subcomponent has a security vulnerability that allows remote attackers to exploit the...
CXF: The SecurityTokenService accepts certain invalid SAML Tokens as valid
It was found that the SecurityTokenService STS, provided as a part of Apache CXF, could under certain circumstances accept invalid SAML tokens as valid. A remote attacker could use a specially crafted SAML token to gain access to an application that uses STS for validation of SAML tokens...
CXF: The SecurityTokenService accepts certain invalid SAML Tokens as valid
It was found that the SecurityTokenService STS, provided as a part of Apache CXF, could under certain circumstances accept invalid SAML tokens as valid. A remote attacker could use a specially crafted SAML token to gain access to an application that uses STS for validation of SAML tokens...
Fedora Update for opensaml FEDORA-2011-12815
Check for the Version of opensaml OpenVAS Vulnerability Test Fedora Update for opensaml FEDORA-2011-12815 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
[SECURITY] Fedora 16 Update: opensaml-2.3-6.fc16
OpenSAML is an open source implementation of the OASIS Security Assertion Markup Language Specification. It contains a set of open source C++ classes that support the SAML 1.0, 1.1, and 2.0 specifications...
Fedora Update for opensaml FEDORA-2011-12890
Check for the Version of opensaml OpenVAS Vulnerability Test Fedora Update for opensaml FEDORA-2011-12890 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Google SAML Single Sign on vulnerability
Overview The SAML Single Sign-On SSO Service for Google Apps contained a vulnerability that could have allowed an attacker to gain access to a user's Google account. Description The Security Assertion Markup Language SAML is a standard for transmitting authentication data between two or more...