CVE-2017-16853
https://notcve.org/view.php?id=CVE-2017-16853
The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka CPPOST-105. La clase DynamicMetadataProvider en saml/saml2/metadata/impl/DynamicMetadataProvider.cpp en OpenSAML-C en OpenSAML, en versiones anteriores a la 2.6.1, no se configura correctamente con los plugins MetadataFilter y no realiza las verificaciones de seguridad críticas como la verificación de firmas, cumplimiento de los periodos de validez y otras comprobaciones específicas de despliegues. Esta vulnerabilidad también se conoce como CPPOST-105. • http://www.securityfocus.com/bid/101898 https://bugs.debian.org/881856 https://git.shibboleth.net/view/?p=cpp-opensaml.git%3Ba=commit%3Bh=6182b0acf2df670e75423c2ed7afe6950ef11c9d https://lists.debian.org/debian-lts-announce/2017/11/msg00024.html https://shibboleth.net/community/advisories/secadv_20171115.txt https://www.debian.org/security/2017/dsa-4039 • CWE-347: Improper Verification of Cryptographic Signature •
CVE-2013-6440 – Java: XML eXternal Entity (XXE) flaw in ParserPool and Decrypter
https://notcve.org/view.php?id=CVE-2013-6440
The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE declaration. (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter y (4) SAML Decrypter en Shibboleth OpenSAML-Java anterior a 2.6.1 establece la propiedad expandEntityReferences como "true", lo que permite a atacantes remotos realizar ataques de entidad externa XML (XXE) a través de una declaración XML DOCTYPE manipulada. It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity (XXE) attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks. • http://blog.sendsafely.com/post/69590974866/web-based-single-sign-on-and-the-dangers-of-saml-xml http://rhn.redhat.com/errata/RHSA-2014-0170.html http://rhn.redhat.com/errata/RHSA-2014-0171.html http://rhn.redhat.com/errata/RHSA-2014-0172.html http://rhn.redhat.com/errata/RHSA-2014-0195.html http://shibboleth.net/community/advisories/secadv_20131213.txt https://bugzilla.redhat.com/show_bug.cgi?id=1043332 https://www.oracle.com/security-alerts/cpujan2022.html https://access • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2011-1411
https://notcve.org/view.php?id=CVE-2011-1411
Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack." La librería Shibboleth OpenSAML v2.4.x antes de v2.4.3 y v2.5.x antes de v2.5.1, e IdP antes de v2.3.2, permite a atacantes remotos falsificar mensajes y eludir la autenticación a través de un ataque "XML Signature wrapping" • http://secunia.com/advisories/50994 http://shibboleth.internet2.edu/secadv/secadv_20110725.txt http://www.debian.org/security/2011/dsa-2284 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html • CWE-287: Improper Authentication •
CVE-2009-3476
https://notcve.org/view.php?id=CVE-2009-3476
Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed encoded URL. Desbordamiento de búfer en OpenSAML anterior a v1.1.3 utilizado en Internet2 Shibboleth Service Provider software v1.3.x anterior a v1.3.4, y XMLTooling anterior a v1.2.2 utilizado en Internet2 Shibboleth Service Provider software v2.x anterior a 2.2.1, permite a atacantes remotos provocar una denegación de servicio y posiblemente ejecutar código de su elección a través de una URL codificada mal formada. • http://secunia.com/advisories/36869 http://secunia.com/advisories/36870 http://shibboleth.internet2.edu/secadv/secadv_20090826.txt http://www.securityfocus.com/bid/36514 https://exchange.xforce.ibmcloud.com/vulnerabilities/53471 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-3474
https://notcve.org/view.php?id=CVE-2009-3474
OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just one purpose, potentially weakening the intended security application of the certificate. OpenSAML v2.x anterior a v2.2.1 y XMLTooling v1.x anterior a v1.2.1, utilizado por Internet2 Shibboleth Service Provider v2.x anterior a v2.2.1,no siguen el atributo Use del elemento KeyDescriptor, lo cual permite a atacantes remotos utilizar un certificado para la firma y encriptación, cuando esta designado para un solo fin, debilitando potencialmente el propósito de aplicación de seguridad del certificado. • http://secunia.com/advisories/36855 http://secunia.com/advisories/36868 http://secunia.com/advisories/36876 http://shibboleth.internet2.edu/secadv/secadv_20090817a.txt http://www.debian.org/security/2009/dsa-1895 http://www.debian.org/security/2009/dsa-1896 http://www.securityfocus.com/bid/36516 https://bugs.internet2.edu/jira/browse/CPPOST-28 https://exchange.xforce.ibmcloud.com/vulnerabilities/53474 • CWE-310: Cryptographic Issues •