CVE-2020-27978
https://notcve.org/view.php?id=CVE-2020-27978
Shibboleth Identify Provider 3.x before 3.4.6 has a denial of service flaw. A remote unauthenticated attacker can cause a login flow to trigger Java heap exhaustion due to the creation of objects in the Java Servlet container session. Shibboleth Identify Provider versiones 3.x anteriores a 3.4.6, presenta un fallo de denegación de servicio. Un atacante remoto no autenticado puede causar un flujo de inicio de sesión para desencadenar un agotamiento de la pila de Java debido a la creación de objetos en la sesión del contenedor Java Servlet • https://shibboleth.net/community/advisories/secadv_20191002.txt • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2014-3603
https://notcve.org/view.php?id=CVE-2014-3603
The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4.1 and OpenSAML Java 2.6.2 do not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. Las implementaciones de (1) HttpResource y (2) FileBackedHttpResource en el Proveedor de Identidad (IdP) de Shibboleth, en versiones anteriores a la 2.4.1, y en OpenSAML Java, en su versión 2.6.2, no verifican que el nombre de host del servidor se corresponda con un nombre de dominio en el campo "Common Name" (CN) del asunto o en el campo "subjectAltName" del certificado X.509. Esto permite a los atacantes Man-in-the-Middle (MitM) suplantar los servidores SSL a través de un certificado arbitrario válido. • http://secunia.com/advisories/60816 http://shibboleth.net/community/advisories/secadv_20140813.txt https://bugzilla.redhat.com/show_bug.cgi?id=1131823 • CWE-297: Improper Validation of Certificate with Host Mismatch •
CVE-2015-1796 – Java: PKIX Trust Engines Exhibit Critical Flaw In Trusted Names Evaluation
https://notcve.org/view.php?id=CVE-2015-1796
The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java (OpenSAML-J) before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity via a certificate issued by a shibmd:KeyAuthority trust anchor. Los motores de confianza PKIX en Shibboleth Identity Provider anterior a 2.4.4 y OpenSAML Java (OpenSAML-J) anterior a 2.6.5 confían en los certificados X.509 de candidatos cuando nombres no confiables están disponibles para el identificador de entidad, lo que permite a atacantes remotos suplantar una entidad a través de un certificado emitido por una ancla de confianza shibmd:KeyAuthority. It was found that PKIX trust components allowed an X.509 credential to be trusted if no trusted names were available for the entityID. An attacker could use a certificate issued by a shibmd:KeyAuthority trust anchor to impersonate an entity within the scope of that keyAuthority. • http://rhn.redhat.com/errata/RHSA-2015-1176.html http://rhn.redhat.com/errata/RHSA-2015-1177.html http://www.securityfocus.com/bid/75370 https://shibboleth.net/community/advisories/secadv_20150225.txt https://access.redhat.com/security/cve/CVE-2015-1796 https://bugzilla.redhat.com/show_bug.cgi?id=1196619 • CWE-254: 7PK - Security Features •
CVE-2011-1411
https://notcve.org/view.php?id=CVE-2011-1411
Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack." La librería Shibboleth OpenSAML v2.4.x antes de v2.4.3 y v2.5.x antes de v2.5.1, e IdP antes de v2.3.2, permite a atacantes remotos falsificar mensajes y eludir la autenticación a través de un ataque "XML Signature wrapping" • http://secunia.com/advisories/50994 http://shibboleth.internet2.edu/secadv/secadv_20110725.txt http://www.debian.org/security/2011/dsa-2284 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html • CWE-287: Improper Authentication •