vulnerability

Ubuntu: USN-7309-1 (CVE-2016-5697): Ruby SAML vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:P/A:N)	Jan 23, 2017	Mar 3, 2025	Aug 18, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

Jan 23, 2017

Added

Mar 3, 2025

Modified

Aug 18, 2025

Description

It was discovered that Ruby SAML did not properly validate SAML responses.
An unauthenticated attacker could use this vulnerability to log in as an
abitrary user. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-5697)

It was discovered that Ruby SAML incorrectly utilized the results of XML
DOM traversal and canonicalization APIs. An unauthenticated attacker could
use this vulnerability to log in as an abitrary user. This issue only
affected Ubuntu 16.04 LTS. (CVE-2017-11428)

It was discovered that Ruby SAML did not properly verify the signature of
the SAML Response, allowing multiple elements with the same ID. An
unauthenticated attacker could use this vulnerability to log in as an
abitrary user. (CVE-2024-45409)

Solution

ubuntu-pro-upgrade-ruby-saml

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today