Medium severity6.5NVD Advisory· Published Jan 13, 2018· Updated Jun 17, 2026
CVE-2018-0486
CVE-2018-0486
Description
Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
10- Range: <1.6.3
- Range: <2.6.0
- osv-coords8 versionspkg:rpm/opensuse/xmltooling&distro=openSUSE%20Tumbleweedpkg:rpm/suse/xmltooling&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2pkg:rpm/suse/xmltooling&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/xmltooling&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2pkg:rpm/suse/xmltooling&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/xmltooling&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/xmltooling&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2pkg:rpm/suse/xmltooling&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
< 3.2.0-1.2+ 7 more
- (no CPE)range: < 3.2.0-1.2
- (no CPE)range: < 1.5.6-3.3.2
- (no CPE)range: < 1.5.6-3.3.2
- (no CPE)range: < 1.5.6-3.3.2
- (no CPE)range: < 1.5.6-3.3.2
- (no CPE)range: < 1.5.6-3.3.2
- (no CPE)range: < 1.5.6-3.3.2
- (no CPE)range: < 1.5.6-3.3.2
Patches
Vulnerability mechanics
References
5- www.securitytracker.com/id/1040177nvdThird Party AdvisoryVDB Entry
- lists.debian.org/debian-lts-announce/2018/01/msg00016.htmlnvdMailing ListThird Party Advisory
- lists.debian.org/debian-security-announce/2018/msg00007.htmlnvdMailing ListThird Party Advisory
- shibboleth.net/community/advisories/secadv_20180112.txtnvdVendor Advisory
- www.debian.org/security/2018/dsa-4085nvdThird Party Advisory
News mentions
0No linked articles in our index yet.