2 matches found
CVE-2009-3476
CVE-2009-3476 affects OpenSAML prior to 1.1.3 when used in Internet2 Shibboleth Service Provider (SP) software 1.3.x before 1.3.4, and XMLTooling prior to 1.2.2 as used in Shibboleth SP 2.x before 2.2.1. Description: a malformed encoded URL may be exploited by remote attackers to cause a denial o...
CVE-2009-3474
OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not enforce a KeyDescriptor Use attribute, allowing a certificate designated for a single purpose (signing or encryption) to be used for both. This weakens the intended...