CVE-2009-3300
Published: 6 November 2009
Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative Shibboleth allow remote attackers to inject arbitrary web script or HTML via URLs that are encountered in redirections, and appear in automatically generated forms.
Priority
Status
| Package | Release | Status |
|---|---|---|
| opensaml2 | hardy | Does not exist |
| opensaml2 | dapper | Does not exist |
| opensaml2 | intrepid | Ignored (end of life, was needs-triage) |
| opensaml2 | jaunty | Released (2.0-2+lenny2build0.9.04.1) |
| opensaml2 | karmic | Ignored (end of life) |
| opensaml2 | lucid | Not vulnerable (2.3-1build1) |
| opensaml2 | maverick | Not vulnerable (2.3-1build1) |
| opensaml2 | natty | Not vulnerable (2.3-1build1) |
| opensaml2 | oneiric | Not vulnerable (2.3-1build1) |
| opensaml2 | upstream | Released (2.3) |
| shibboleth-sp | dapper | Does not exist |
| shibboleth-sp | hardy | Ignored (end of life) |
| shibboleth-sp | intrepid | Ignored (end of life, was needs-triage) |
| shibboleth-sp | jaunty | Ignored (end of life) |
| shibboleth-sp | karmic | Does not exist |
| shibboleth-sp | lucid | Does not exist |
| shibboleth-sp | maverick | Does not exist |
| shibboleth-sp | natty | Does not exist |
| shibboleth-sp | oneiric | Does not exist |
| shibboleth-sp | upstream | Needs triage |
| shibboleth-sp2 | dapper | Does not exist |
| shibboleth-sp2 | hardy | Does not exist |
| shibboleth-sp2 | intrepid | Does not exist |
| shibboleth-sp2 | jaunty | Ignored (end of life) |
| shibboleth-sp2 | karmic | Ignored (end of life) |
| shibboleth-sp2 | lucid | Not vulnerable (2.3+dfsg-1build1) |
| shibboleth-sp2 | maverick | Not vulnerable (2.3+dfsg-1build1) |
| shibboleth-sp2 | natty | Not vulnerable (2.3+dfsg-1build1) |
| shibboleth-sp2 | oneiric | Not vulnerable (2.3+dfsg-1build1) |
| shibboleth-sp2 | upstream | Released (2.3) |
| xmltooling | dapper | Does not exist |
| xmltooling | hardy | Does not exist |
| xmltooling | intrepid | Ignored (end of life, was needs-triage) |
| xmltooling | jaunty | Ignored (end of life) |
| xmltooling | karmic | Ignored (end of life) |
| xmltooling | lucid | Not vulnerable (1.3.1-1) |
| xmltooling | maverick | Not vulnerable (1.3.1-1) |
| xmltooling | natty | Not vulnerable (1.3.1-1) |
| xmltooling | oneiric | Not vulnerable (1.3.1-1) |
| xmltooling | upstream | Released (1.3.1) |