Denial of Service : Shibboleth XML Security Signature Key Parsing Denial of Service Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.802223

Categoría: Denial of Service

Título: Shibboleth XML Security Signature Key Parsing Denial of Service Vulnerability - Windows

Resumen: Shibboleth is prone to a denial of service (DoS) vulnerability.

Descripción: Summary:
Shibboleth is prone to a denial of service (DoS) vulnerability.

Vulnerability Insight:
The flaw is due to off-by-one error in the XML signature feature in
Apache XML Security, allows remote attackers to cause a denial of service
via a signature using a large RSA key, which triggers a buffer overflow.

Vulnerability Impact:
Successful exploitation could allow remote attackers to cause the application
to crash, resulting in denial-of-service conditions.

Affected Software/OS:
Shibboleth versions prior to 2.4.3

Solution:
Upgrade to Shibboleth version 2.4.3 or later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-2516
1025755
http://www.securitytracker.com/id?1025755
20110707 Security Advisory: CVE-2011-2516
http://www.securityfocus.com/archive/1/518756/100/0/threaded
45151
http://secunia.com/advisories/45151
45191
http://secunia.com/advisories/45191
45198
http://secunia.com/advisories/45198
45491
http://secunia.com/advisories/45491
48611
http://www.securityfocus.com/bid/48611
DSA-2277
http://www.debian.org/security/2011/dsa-2277
FEDORA-2011-9494
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063229.html
FEDORA-2011-9501
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063159.html
[santuario-commits] 20190823 svn commit: r1049214 - in /websites/production/santuario/content: cache/main.pageCache download.html index.html javaindex.html javareleasenotes.html secadv.data/CVE-2019-12400.asc secadv.html
https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E
[santuario-commits] 20210917 svn commit: r1076843 - in /websites/production/santuario/content: cache/main.pageCache index.html javaindex.html secadv.data/CVE-2021-40690.txt.asc secadv.html
https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E
apache-xml-dos(68420)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68420
http://santuario.apache.org/secadv/CVE-2011-2516.txt
http://shibboleth.internet2.edu/secadv/secadv_20110706.txt
https://issues.apache.org/jira/browse/SANTUARIO-271

Copyright Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.802223
Categoría:	Denial of Service
Título:	Shibboleth XML Security Signature Key Parsing Denial of Service Vulnerability - Windows
Resumen:	Shibboleth is prone to a denial of service (DoS) vulnerability.
Descripción:	Summary: Shibboleth is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: The flaw is due to off-by-one error in the XML signature feature in Apache XML Security, allows remote attackers to cause a denial of service via a signature using a large RSA key, which triggers a buffer overflow. Vulnerability Impact: Successful exploitation could allow remote attackers to cause the application to crash, resulting in denial-of-service conditions. Affected Software/OS: Shibboleth versions prior to 2.4.3 Solution: Upgrade to Shibboleth version 2.4.3 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2516 1025755 http://www.securitytracker.com/id?1025755 20110707 Security Advisory: CVE-2011-2516 http://www.securityfocus.com/archive/1/518756/100/0/threaded 45151 http://secunia.com/advisories/45151 45191 http://secunia.com/advisories/45191 45198 http://secunia.com/advisories/45198 45491 http://secunia.com/advisories/45491 48611 http://www.securityfocus.com/bid/48611 DSA-2277 http://www.debian.org/security/2011/dsa-2277 FEDORA-2011-9494 http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063229.html FEDORA-2011-9501 http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063159.html [santuario-commits] 20190823 svn commit: r1049214 - in /websites/production/santuario/content: cache/main.pageCache download.html index.html javaindex.html javareleasenotes.html secadv.data/CVE-2019-12400.asc secadv.html https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E [santuario-commits] 20210917 svn commit: r1076843 - in /websites/production/santuario/content: cache/main.pageCache index.html javaindex.html secadv.data/CVE-2021-40690.txt.asc secadv.html https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E apache-xml-dos(68420) https://exchange.xforce.ibmcloud.com/vulnerabilities/68420 http://santuario.apache.org/secadv/CVE-2011-2516.txt http://shibboleth.internet2.edu/secadv/secadv_20110706.txt https://issues.apache.org/jira/browse/SANTUARIO-271
Copyright	Copyright (C) 2011 Greenbone AG