Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2018-0489

Опубликовано: 27 фев. 2018
Источник: ubuntu
Приоритет: high
EPSS Низкий
CVSS2: 6.4
CVSS3: 6.5

Описание

Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this issue exists because of an incomplete fix for CVE-2018-0486.

РелизСтатусПримечание
artful

ignored

end of life
bionic

not-affected

1.6.4-1ubuntu2
devel

not-affected

1.6.4-1ubuntu2
esm-apps/bionic

not-affected

1.6.4-1ubuntu2
esm-apps/xenial

released

1.5.6-2ubuntu0.2
esm-infra-legacy/trusty

released

1.5.3-2+deb8u3build0.14.04.1
precise/esm

DNE

trusty

released

1.5.3-2+deb8u3build0.14.04.1
trusty/esm

released

1.5.3-2+deb8u3build0.14.04.1
upstream

released

1.6.4-1

Показывать по

Ссылки на источники

EPSS

Процентиль: 47%
0.00243
Низкий

6.4 Medium

CVSS2

6.5 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2018-0489

CVSS3: 8.1
redhat
почти 8 лет назад

Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this issue exists because of an incomplete fix for CVE-2018-0486.

nvd логотип

CVE-2018-0489

CVSS3: 6.5
nvd
почти 8 лет назад

Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this issue exists because of an incomplete fix for CVE-2018-0486.

debian логотип

CVE-2018-0489

CVSS3: 6.5
debian
почти 8 лет назад

Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Pr ...

github логотип

GHSA-4479-q654-wmq5

CVSS3: 6.5
github
больше 3 лет назад

Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this issue exists because of an incomplete fix for CVE-2018-0486.

suse-cvrf логотип

openSUSE-SU-2018:0738-1

suse-cvrf
почти 8 лет назад

Security update for xmltooling

EPSS

Процентиль: 47%
0.00243
Низкий

6.4 Medium

CVSS2

6.5 Medium

CVSS3