CVE-2011-1411
Severity Score
5.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
La librería Shibboleth OpenSAML v2.4.x antes de v2.4.3 y v2.5.x antes de v2.5.1, e IdP antes de v2.3.2, permite a atacantes remotos falsificar mensajes y eludir la autenticación a través de un ataque "XML Signature wrapping"
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-03-10 CVE Reserved
- 2011-07-25 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/50994 | Third Party Advisory | |
| http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | X_refsource_confirm |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://shibboleth.internet2.edu/secadv/secadv_20110725.txt | 2013-10-11 | |
| http://www.debian.org/security/2011/dsa-2284 | 2013-10-11 | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | 2013-10-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Shibboleth Search vendor "Shibboleth" | Opensaml Search vendor "Shibboleth" for product "Opensaml" | 2.4.0 Search vendor "Shibboleth" for product "Opensaml" and version "2.4.0" | - |
Affected
| ||||||
| Shibboleth Search vendor "Shibboleth" | Opensaml Search vendor "Shibboleth" for product "Opensaml" | 2.4.1 Search vendor "Shibboleth" for product "Opensaml" and version "2.4.1" | - |
Affected
| ||||||
| Shibboleth Search vendor "Shibboleth" | Opensaml Search vendor "Shibboleth" for product "Opensaml" | 2.4.2 Search vendor "Shibboleth" for product "Opensaml" and version "2.4.2" | - |
Affected
| ||||||
| Shibboleth Search vendor "Shibboleth" | Opensaml Search vendor "Shibboleth" for product "Opensaml" | 2.5.0 Search vendor "Shibboleth" for product "Opensaml" and version "2.5.0" | - |
Affected
| ||||||
| Shibboleth Search vendor "Shibboleth" | Shibboleth-identity-provider Search vendor "Shibboleth" for product "Shibboleth-identity-provider" | <= 2.3.1 Search vendor "Shibboleth" for product "Shibboleth-identity-provider" and version " <= 2.3.1" | - |
Affected
| ||||||
| Shibboleth Search vendor "Shibboleth" | Shibboleth-identity-provider Search vendor "Shibboleth" for product "Shibboleth-identity-provider" | 2.0.0 Search vendor "Shibboleth" for product "Shibboleth-identity-provider" and version "2.0.0" | - |
Affected
| ||||||
| Shibboleth Search vendor "Shibboleth" | Shibboleth-identity-provider Search vendor "Shibboleth" for product "Shibboleth-identity-provider" | 2.1.0 Search vendor "Shibboleth" for product "Shibboleth-identity-provider" and version "2.1.0" | - |
Affected
| ||||||
| Shibboleth Search vendor "Shibboleth" | Shibboleth-identity-provider Search vendor "Shibboleth" for product "Shibboleth-identity-provider" | 2.1.1 Search vendor "Shibboleth" for product "Shibboleth-identity-provider" and version "2.1.1" | - |
Affected
| ||||||
| Shibboleth Search vendor "Shibboleth" | Shibboleth-identity-provider Search vendor "Shibboleth" for product "Shibboleth-identity-provider" | 2.1.2 Search vendor "Shibboleth" for product "Shibboleth-identity-provider" and version "2.1.2" | - |
Affected
| ||||||
| Shibboleth Search vendor "Shibboleth" | Shibboleth-identity-provider Search vendor "Shibboleth" for product "Shibboleth-identity-provider" | 2.1.3 Search vendor "Shibboleth" for product "Shibboleth-identity-provider" and version "2.1.3" | - |
Affected
| ||||||
| Shibboleth Search vendor "Shibboleth" | Shibboleth-identity-provider Search vendor "Shibboleth" for product "Shibboleth-identity-provider" | 2.1.4 Search vendor "Shibboleth" for product "Shibboleth-identity-provider" and version "2.1.4" | - |
Affected
| ||||||
| Shibboleth Search vendor "Shibboleth" | Shibboleth-identity-provider Search vendor "Shibboleth" for product "Shibboleth-identity-provider" | 2.1.5 Search vendor "Shibboleth" for product "Shibboleth-identity-provider" and version "2.1.5" | - |
Affected
| ||||||
| Shibboleth Search vendor "Shibboleth" | Shibboleth-identity-provider Search vendor "Shibboleth" for product "Shibboleth-identity-provider" | 2.2.0 Search vendor "Shibboleth" for product "Shibboleth-identity-provider" and version "2.2.0" | - |
Affected
| ||||||
| Shibboleth Search vendor "Shibboleth" | Shibboleth-identity-provider Search vendor "Shibboleth" for product "Shibboleth-identity-provider" | 2.2.1 Search vendor "Shibboleth" for product "Shibboleth-identity-provider" and version "2.2.1" | - |
Affected
| ||||||
| Shibboleth Search vendor "Shibboleth" | Shibboleth-identity-provider Search vendor "Shibboleth" for product "Shibboleth-identity-provider" | 2.3.0 Search vendor "Shibboleth" for product "Shibboleth-identity-provider" and version "2.3.0" | - |
Affected
| ||||||