Vulnerability CVE-2011-4314


Published: 2012-01-27   Modified: 2012-02-13

Description:
message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products, does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.

Vendor: Red Hat
Product: JBoss Enterprise Application Platform
Version: 5.1.2, 5.1.1, 5.1.0

Vendor: Kay Framework project
Product: Kay Framework
Version: 1.0.1, 1.0.0, 0.8.0, 0.3.0, 0.2.0, 0.1.0, 0.0.0

Vendor: OpenID
Product: OpenID4Java
Version: 0.9.5.593, 0.9.4.339, 0.9.3, 0.9.2

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:P)

CVSS Base Score: 5.8/10
Impact Subscore: 4.9/10
Exploitability Subscore: 8.6/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Not required

Confidentiality impact: None
Integrity impact: Partial
Availability impact: Partial

References:
http://openid.net/2011/05/05/attribute-exchange-security-alert/
https://issues.jboss.org/browse/SOA-3597
https://issues.jboss.org/browse/JBEPP-1368
http://www.redhat.com/support/errata/RHSA-2011-1804.html
http://www.openwall.com/lists/oss-security/2011/11/17/1
http://www.openwall.com/lists/oss-security/2011/11/16/1
http://securitytracker.com/id?1026400
http://secunia.com/advisories/48954
http://secunia.com/advisories/48697
http://secunia.com/advisories/44496
http://rhn.redhat.com/errata/RHSA-2012-0519.html
http://rhn.redhat.com/errata/RHSA-2012-0441.html

Related CVE
CVE-2019-11027
Ruby OpenID (aka ruby-openid) through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer c...
CVE-2007-5173
PHP remote file inclusion vulnerability in includes/openid/Auth/OpenID/BBStore.php in phpBB Openid 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the openid_root_path parameter.
CVE-2007-1651
Cross-site request forgery (CSRF) vulnerability in OpenID allows remote attackers to restore the login session of a user on an OpenID enabled site via unspecified vectors related to an arbitrary remote web site and cached tokens, after the user has s...
CVE-2007-1652
OpenID allows remote attackers to forcibly log a user into an OpenID enabled site, divulge the user's personal information to this site, and add the site to the trusted sites list via a crafted web page, related to cached tokens.

Copyright 2019, cxsecurity.com

 
