Search...

CVE-2009-3476

2009-09-29T00:00:00

ID UB:CVE-2009-3476
Type ubuntucve
Reporter ubuntu.com
Modified 2009-09-29T00:00:00

Description

Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed encoded URL.

JSON Vulners Source

Initial Source

{"id": "UB:CVE-2009-3476", "vendorId": null, "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2009-3476", "description": "Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth\nService Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2\nas used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1,\nallows remote attackers to cause a denial of service and possibly execute\narbitrary code via a malformed encoded URL.", "published": "2009-09-29T00:00:00", "modified": "2009-09-29T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {}, "href": "https://ubuntu.com/security/CVE-2009-3476", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3476", "https://nvd.nist.gov/vuln/detail/CVE-2009-3476", "https://launchpad.net/bugs/cve/CVE-2009-3476", "https://security-tracker.debian.org/tracker/CVE-2009-3476"], "cvelist": ["CVE-2009-3476"], "immutableFields": [], "lastseen": "2021-11-22T21:59:20", "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-3476"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2009-3476"]}], "rev": 4}, "score": {"value": 5.5, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2009-3476"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2009-3476"]}]}, "exploitation": null, "vulnersScore": 5.5}, "affectedPackage": [{"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "1.1.3", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "opensaml"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "1.3.4", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "shibboleth-sp"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "1.2.2-1", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "xmltooling"}], "bugs": [], "_state": {"dependencies": 1646208655}}

{"cve": [{"lastseen": "2022-03-23T21:34:56", "description": "Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed encoded URL.", "cvss3": {}, "published": "2009-09-29T23:30:00", "type": "cve", "title": "CVE-2009-3476", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3476"], "modified": "2017-08-17T01:31:00", "cpe": ["cpe:/a:internet2:shibboleth-sp:1.3.3", "cpe:/a:internet2:shibboleth-sp:2.1", "cpe:/a:internet2:xmltooling:1.2.0", "cpe:/a:internet2:xmltooling:1.2.1", "cpe:/a:internet2:shibboleth-sp:2.0", "cpe:/a:internet2:opensaml:1.1.1", "cpe:/a:internet2:xmltooling:1.1.1", "cpe:/a:internet2:opensaml:1.1", "cpe:/a:internet2:shibboleth-sp:1.3.2", "cpe:/a:internet2:xmltooling:1.0.1", "cpe:/a:internet2:shibboleth-sp:2.2", "cpe:/a:internet2:xmltooling:1.1.0", "cpe:/a:internet2:shibboleth-sp:1.3f", "cpe:/a:internet2:shibboleth-sp:1.3.1"], "id": "CVE-2009-3476", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3476", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:internet2:shibboleth-sp:1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:internet2:shibboleth-sp:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:internet2:shibboleth-sp:1.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:internet2:xmltooling:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:internet2:opensaml:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:internet2:xmltooling:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:internet2:xmltooling:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:internet2:opensaml:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:internet2:shibboleth-sp:1.3f:*:*:*:*:*:*:*", "cpe:2.3:a:internet2:xmltooling:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:internet2:shibboleth-sp:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:internet2:xmltooling:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:internet2:shibboleth-sp:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:internet2:shibboleth-sp:1.3.1:*:*:*:*:*:*:*"]}], "debiancve": [{"lastseen": "2021-12-14T17:51:20", "description": "Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed encoded URL.", "cvss3": {}, "published": "2009-09-29T23:30:00", "type": "debiancve", "title": "CVE-2009-3476", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3476"], "modified": "2009-09-29T23:30:00", "id": "DEBIANCVE:CVE-2009-3476", "href": "https://security-tracker.debian.org/tracker/CVE-2009-3476", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}