3 matches found
CVE-2013-6440
CVE-2013-6440 affects Shibboleth OpenSAML-Java before 2.6.1 where the expandEntityReferences setting was left true, enabling XML external entity (XXE) attacks via crafted DOCTYPEs. Affected library: OpenSAML-Java in Shibboleth deployments. Impact per sources is exposure of sensitive information t...
CVE-2011-1411
CVE-2011-1411 affects Shibboleth OpenSAML libraries: OpenSAML 2.4.x before 2.4.3, 2.5.x before 2.5.1, and IdP before 2.3.2. The issue is an XML Signature Wrapping vulnerability allowing remote attackers to forge messages and bypass authentication. Practical impact described in sources is authenti...
CVE-2017-16853
CVE-2017-16853 affects OpenSAML’s DynamicMetadataProvider (OpenSAML-C) prior to 2.6.1. The DynamicMetadataProvider.cpp implementation does not properly configure MetadataFilter plugins and omits key security checks (e.g., signature verification, validity periods, and other deployment-specific che...