Security Bypass in OpenSAML and XMLTooling Affecting Shibboleth Service Provider
CVE-2009-3474

Currently unrated

Key Information:

Vendor

Internet2

Status
Opensaml
Xmltooling
Shibboleth-sp
Vendor
CVE Published:
29 September 2009

What is CVE-2009-3474?

A security bypass vulnerability exists in OpenSAML and XMLTooling due to improper handling of the KeyDescriptor element's Use attribute. This flaw allows remote attackers to misuse certificates designated for a single purpose, enabling the same certificate to be employed for both signing and encryption. Consequently, this can compromise the intended security mechanisms of applications relying on these libraries.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/bid/36516
vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/53474
vdb-entryx_refsource_XF
http://shibboleth.internet2.edu/secadv/secadv_20090817a.txt
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.