Search CVE reports
1 – 7 of 7 results
CVE-2014-3603
Medium priority
Not in release
The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4.1 and OpenSAML Java 2.6.2 do not verify that the server hostname matches a domain name in the subject’s Common...
1 affected package
libopensaml2-java
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libopensaml2-java | — | — | — | — | — |
CVE-2017-16853
Medium priority
The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical...
1 affected package
opensaml2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
opensaml2 | — | — | — | Not affected | Fixed |
CVE-2015-0851
Medium priority
Some fixes available 2 of 9
XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider (SP), does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service (crash) via schema-invalid XML data.
2 affected packages
opensaml2, xmltooling
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
opensaml2 | — | — | — | Not affected | Not affected |
xmltooling | — | — | — | Not affected | Not affected |
CVE-2015-1796
Medium priority
The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java (OpenSAML-J) before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers...
1 affected package
libopensaml2-java
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libopensaml2-java | — | — | — | — | — |
CVE-2013-6440
Medium priority
The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote attackers to conduct XML...
1 affected package
opensaml2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
opensaml2 | — | — | — | — | Not affected |
CVE-2011-1411
Medium priority
Some fixes available 2 of 4
Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an “XML Signature wrapping attack.”
2 affected packages
opensaml, opensaml2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
opensaml | — | — | — | — | — |
opensaml2 | — | — | — | — | — |
CVE-2009-3300
Medium priority
Some fixes available 1 of 11
Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative...
4 affected packages
opensaml2, shibboleth-sp, shibboleth-sp2, xmltooling
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
opensaml2 | — | — | — | — | — |
shibboleth-sp | — | — | — | — | — |
shibboleth-sp2 | — | — | — | — | — |
xmltooling | — | — | — | — | — |