CVE-2011-1411

Description

Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allow remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."

References

http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html

http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

http://www.debian.org/security/2011/dsa-2284

http://shibboleth.internet2.edu/secadv/secadv_20110725.txt

http://secunia.com/advisories/50994

Details

Source: Mitre, NVD

Published: 2011-09-02

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Severity: Medium