Описание
Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:shibboleth:opensaml:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:shibboleth:opensaml:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:shibboleth:opensaml:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:shibboleth:opensaml:2.5.0:*:*:*:*:*:*:*
Конфигурация 2Версия до 2.3.1 (включая)
Одно из
cpe:2.3:a:shibboleth:shibboleth-identity-provider:*:*:*:*:*:*:*:*
cpe:2.3:a:shibboleth:shibboleth-identity-provider:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:shibboleth:shibboleth-identity-provider:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:shibboleth:shibboleth-identity-provider:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:shibboleth:shibboleth-identity-provider:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:shibboleth:shibboleth-identity-provider:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:shibboleth:shibboleth-identity-provider:2.1.4:*:*:*:*:*:*:*
cpe:2.3:a:shibboleth:shibboleth-identity-provider:2.1.5:*:*:*:*:*:*:*
cpe:2.3:a:shibboleth:shibboleth-identity-provider:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:shibboleth:shibboleth-identity-provider:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:shibboleth:shibboleth-identity-provider:2.3.0:*:*:*:*:*:*:*
EPSS
Процентиль: 51%
0.00281
Низкий
5.8 Medium
CVSS2
Дефекты
CWE-287
Связанные уязвимости
ubuntu
больше 14 лет назад
Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
debian
больше 14 лет назад
Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, ...
EPSS
Процентиль: 51%
0.00281
Низкий
5.8 Medium
CVSS2
Дефекты
CWE-287