Search CVE reports



1 – 7 of 7 results


CVE-2014-3603

Medium priority

Not in release

The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4.1 and OpenSAML Java 2.6.2 do not verify that the server hostname matches a domain name in the subject’s Common...

1 affected package

libopensaml2-java

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libopensaml2-java

CVE-2017-16853

Medium priority
Fixed

The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical...

1 affected package

opensaml2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
opensaml2 Not affected Fixed

CVE-2015-0851

Medium priority

Some fixes available 2 of 9

XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider (SP), does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service (crash) via schema-invalid XML data.

2 affected packages

opensaml2, xmltooling

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
opensaml2 Not affected Not affected
xmltooling Not affected Not affected

CVE-2015-1796

Medium priority
Ignored

The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java (OpenSAML-J) before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers...

1 affected package

libopensaml2-java

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libopensaml2-java

CVE-2013-6440

Medium priority
Ignored

The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote attackers to conduct XML...

1 affected package

opensaml2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
opensaml2 Not affected

CVE-2011-1411

Medium priority

Some fixes available 2 of 4

Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an “XML Signature wrapping attack.”

2 affected packages

opensaml, opensaml2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
opensaml
opensaml2

CVE-2009-3300

Medium priority

Some fixes available 1 of 11

Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative...

4 affected packages

opensaml2, shibboleth-sp, shibboleth-sp2, xmltooling

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
opensaml2
shibboleth-sp
shibboleth-sp2
xmltooling