RSS   Podatności dla 'Opensaml'   RSS

2014-02-14
 
CVE-2013-6440

CWE-200
 

 
The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE declaration.

 
2011-09-02
 
CVE-2011-1411

CWE-287
 

 
Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."

 

 >>> Vendor: Shibboleth 8 Produkty
Identity provider
Service provider
Opensaml
Shibboleth-sp
Shibboleth-identity-provider
Opensaml java
Identify provider
Oidc op


Copyright 2024, cxsecurity.com

 

Back to Top