3 matches found
CVE-2013-6440
CVE-2013-6440 affects Shibboleth OpenSAML-Java before 2.6.1 where the expandEntityReferences setting was left true, enabling XML external entity (XXE) attacks via crafted DOCTYPEs. Affected library: OpenSAML-Java in Shibboleth deployments. Impact per sources is exposure of sensitive information t...
CVE-2009-3476
CVE-2009-3476 affects OpenSAML prior to 1.1.3 when used in Internet2 Shibboleth Service Provider (SP) software 1.3.x before 1.3.4, and XMLTooling prior to 1.2.2 as used in Shibboleth SP 2.x before 2.2.1. Description: a malformed encoded URL may be exploited by remote attackers to cause a denial o...
CVE-2009-3474
OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not enforce a KeyDescriptor Use attribute, allowing a certificate designated for a single purpose (signing or encryption) to be used for both. This weakens the intended...