
exploitDog


CVE-2011-4314

Published: 27 Jan 2012
Source: nvd
CVSS2: 5.8
EPSS: Low

Description

message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:kay_framework_project:kay_framework:*:*:*:*:*:*:*:*
Versions up to and including 1.0.1
cpe:2.3:a:kay_framework_project:kay_framework:0.0.0:-:*:*:*:*:*:*
cpe:2.3:a:kay_framework_project:kay_framework:0.1.0:*:*:*:*:*:*:*
cpe:2.3:a:kay_framework_project:kay_framework:0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:kay_framework_project:kay_framework:0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:kay_framework_project:kay_framework:0.8.0:*:*:*:*:*:*:*
cpe:2.3:a:kay_framework_project:kay_framework:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:openid:openid4java:*:*:*:*:*:*:*:*
Versions up to and including 0.9.5.593
cpe:2.3:a:openid:openid4java:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:openid:openid4java:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:openid:openid4java:0.9.4.339:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.2:*:*:*:*:*:*:*

EPSS

Percentile: 78%
0.01136
Low

5.8 Medium

CVSS2

Weaknesses

CWE-20

Related vulnerabilities

redhat
almost 15 years ago

message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.

debian
about 14 years ago

message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used i ...

github
more than 3 years ago

OpenID4Java does not verify that Attribute Exchange (AX) information is signed
