Back to search
CVE-2018-0489
Published: Feb 27, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this issue exists because of an incomplete fix for CVE-2018-0486.
| Vendor | Product | Versions |
|---|---|---|
n/a | Shibboleth XMLTooling-C before 1.6.4 | affected Shibboleth XMLTooling-C before 1.6.4 |
References
1040435
vdb-entry
x_refsource_SECTRACK
103172
vdb-entry
x_refsource_BID
DSA-4126
vendor-advisory
x_refsource_DEBIAN
https://shibboleth.net/community/advisories/secadv_20180227.txt
x_refsource_CONFIRM
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-003.txt
x_refsource_CONFIRM
[debian-lts-announce] 20180228 [SECURITY] [DLA 1296-1] xmltooling security update
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now