CVE-2011-1411
Description
Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
Risk Information
Base Score
9.1
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
0.281
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| CVE-2011-1411 is fixed in OpenSAML-opensaml 2.4.3 | Windows |
| CVE-2011-1411 is fixed in OpenSAML-opensaml 2.5.1 | Windows |
| CVE-2010-4437, CVE-2011-1411 and CVE-2014-4256 affect Oracle WebLogic Server 5.8 | Windows |
| CVE-2011-1411 is fixed in OpenSAML-opensaml for Linux 2.4.3 | Linux |
| CVE-2011-1411 is fixed in OpenSAML-opensaml for Linux 2.5.1 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234