The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7309-1 advisory.

    It was discovered that Ruby SAML did not properly validate SAML responses. An unauthenticated attacker     could use this vulnerability to log in as an

    abitrary user. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-5697)

    It was discovered that Ruby SAML incorrectly utilized the results of XML DOM traversal and     canonicalization APIs. An unauthenticated attacker could use this vulnerability to log in as an abitrary     user. This issue only

    affected Ubuntu 16.04 LTS. (CVE-2017-11428)

    It was discovered that Ruby SAML did not properly verify the signature of the SAML Response, allowing     multiple elements with the same ID. An

    unauthenticated attacker could use this vulnerability to log in as an

    abitrary user. (CVE-2024-45409)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : Ruby SAML vulnerabilities (USN-7309-1)

critical Nessus Plugin ID 216932

Version 1.2