CVE-2011-1411

EPSS 0.28%

opensaml2 - implementation error

發布日:2022/5/17修改日:2026/3/9

描述

Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."

受影響套件(2)

Debian/opensaml2from 0, < 2.3-2+squeeze1
Maven/org.opensaml:opensaml>= 2.4.0, < 2.4.3

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2011-1411
WEBhttp://shibboleth.internet2.edu/secadv/secadv_20110725.txt
WEBhttp://www.debian.org/security/2011/dsa-2284
WEBhttp://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html