Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2009-3476

Опубликовано: 29 сент. 2009
Источник: nvd
CVSS2: 9.3
EPSS Низкий

Описание

Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed encoded URL.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:internet2:shibboleth-sp:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:internet2:shibboleth-sp:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:internet2:shibboleth-sp:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:internet2:shibboleth-sp:1.3f:*:*:*:*:*:*:*

Одно из

cpe:2.3:a:internet2:opensaml:1.1:*:*:*:*:*:*:*
cpe:2.3:a:internet2:opensaml:1.1.1:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

Одно из

cpe:2.3:a:internet2:xmltooling:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:internet2:xmltooling:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:internet2:xmltooling:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:internet2:xmltooling:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:internet2:xmltooling:1.2.1:*:*:*:*:*:*:*

Одно из

cpe:2.3:a:internet2:shibboleth-sp:2.0:*:*:*:*:*:*:*
cpe:2.3:a:internet2:shibboleth-sp:2.1:*:*:*:*:*:*:*
cpe:2.3:a:internet2:shibboleth-sp:2.2:*:*:*:*:*:*:*

EPSS

Процентиль: 81%
0.01561
Низкий

9.3 Critical

CVSS2

Дефекты

CWE-119

Связанные уязвимости

ubuntu логотип

CVE-2009-3476

ubuntu
около 16 лет назад

Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed encoded URL.

debian логотип

CVE-2009-3476

debian
около 16 лет назад

Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibbole ...

github логотип

GHSA-hvmf-6hr8-vcpv

github
больше 3 лет назад

Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed encoded URL.

EPSS

Процентиль: 81%
0.01561
Низкий

9.3 Critical

CVSS2

Дефекты

CWE-119