Vulnerabilities for 'Service provider'

2021-03-22
 
CVE-2021-28963

CWE-74
 

 
Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters.

 
2019-11-21
 
CVE-2019-19191

CWE-59
 

 
Shibboleth Service Provider (SP) 3.x before 3.1.0 shipped a spec file that calls chown on files in a directory controlled by the service user (the shibd account) after installation. This allows the user to escalate to root by pointing symlinks to files such as /etc/shadow.

 
2019-11-07
 
CVE-2010-2450

CWE-200
 

 
The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key is world readable by default.

 
2015-03-31
 
CVE-2015-2684

 

 
Shibboleth Service Provider (SP) before 2.5.4 allows remote authenticated users to cause a denial of service (crash) via a crafted SAML message.

 

Vendor: Shibboleth (8 products)
Opensaml
Shibboleth-identity-provider
Shibboleth-sp
Service provider
Identity provider
Opensaml java
Identify provider
Oidc op


Copyright 2022, cxsecurity.com

 
