VYPR

Xmltooling

by Internet2

CVEs (6)

  • CVE-2018-0489 | Med | Feb 27, 2018
    risk 0.42 | cvss 6.5 | epss 0.02

    Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML…

  • CVE-2018-0486 | Med | Jan 13, 2018
    risk 0.42 | cvss 6.5 | epss 0.02

    Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a…

  • CVE-2023-36661 | Jun 25, 2023
    risk 0.07 | cvss | epss 0.03

    Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. (This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows.)

  • CVE-2015-0851 | Aug 12, 2015
    risk 0.00 | cvss | epss 0.02

    XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider (SP), does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service (crash) via schema-invalid XML data.

  • CVE-2009-3476 | Sep 29, 2009
    risk 0.00 | cvss | epss 0.04

    Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and…

  • CVE-2009-3474 | Sep 29, 2009
    risk 0.00 | cvss | epss 0.02

    OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is…