vulnerability
FreeBSD: VID-3DBE9492-F7B8-11E7-A12D-6CC21735F730 (CVE-2018-0486): shibboleth-sp -- vulnerable to forged user attribute data
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:L/Au:N/C:P/I:P/A:N) | Jan 12, 2018 | Jan 13, 2018 | May 7, 2019 |
Severity
6
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published
Jan 12, 2018
Added
Jan 13, 2018
Modified
May 7, 2019
Description
Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD.
Solutions
freebsd-upgrade-package-xerces-c3freebsd-upgrade-package-xmltooling
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.