FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2011-1411

This CVE name corresponds to:

Entered     Topic
2011-07-25  opensaml2 -- unauthenticated login

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type   Candidate
Name   CVE-2011-1411
Phase  Assigned(20110310)

Description

Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."

References

Source    Reference
CONFIRM   http://shibboleth.internet2.edu/secadv/secadv_20110725.txt
CONFIRM   http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
DEBIAN    DSA-2284
MANDRIVA  MDVSA-2013:150
SECUNIA   50994