Detections
Analytics
FreeBSD : security/shibboleth-idp -- CAS service SSRF (7a7129ef-e790-11ee-a1c0-0050569f0b83)
high Nessus Plugin ID 192464
Language:
Synopsis
The remote FreeBSD host is missing one or more security-related updates.Description
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 7a7129ef-e790-11ee-a1c0-0050569f0b83 advisory.- Shibboleth Developers report: The Identity Provider's CAS support relies on a function in the Spring Framework to parse CAS service URLs and append the ticket parameter.
(7a7129ef-e790-11ee-a1c0-0050569f0b83)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
http://www.nessus.org/u?5701ea13
https://shibboleth.net/community/advisories/secadv_20240320.txt
Plugin Details
Severity: High
ID: 192464
File Name: freebsd_pkg_7a7129efe79011eea1c00050569f0b83.nasl
Version: 1.0
Type: local
Family: FreeBSD Local Security Checks
Published: 3/22/2024
Updated: 3/22/2024
Supported Sensors: Nessus
Vulnerability Information
CPE: p-cpe:/a:freebsd:freebsd:shibboleth-idp, cpe:/o:freebsd:freebsd
Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info
Exploit Ease: No known exploits are available
Patch Publication Date: 3/21/2024
Vulnerability Publication Date: 3/20/2024