Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for shibboleth-sp by internet2

    CVE-2009-3476 (GCVE-0-2009-3476)

    Vulnerability from nvd – Published: 2009-09-29 23:00 – Updated: 2024-08-07 06:31
    VLAI
    Summary
    Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed encoded URL.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/36870 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/36514 vdb-entryx_refsource_BID
    http://secunia.com/advisories/36869 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://shibboleth.internet2.edu/secadv/secadv_200… x_refsource_CONFIRM
    Date Public
    2009-08-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T06:31:09.966Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "36870",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36870"
              },
              {
                "name": "36514",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/36514"
              },
              {
                "name": "36869",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36869"
              },
              {
                "name": "opensaml-xmltooling-url-bo(53471)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53471"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://shibboleth.internet2.edu/secadv/secadv_20090826.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-08-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed encoded URL."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "36870",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36870"
            },
            {
              "name": "36514",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/36514"
            },
            {
              "name": "36869",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36869"
            },
            {
              "name": "opensaml-xmltooling-url-bo(53471)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53471"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://shibboleth.internet2.edu/secadv/secadv_20090826.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-3476",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed encoded URL."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "36870",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36870"
                },
                {
                  "name": "36514",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/36514"
                },
                {
                  "name": "36869",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36869"
                },
                {
                  "name": "opensaml-xmltooling-url-bo(53471)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53471"
                },
                {
                  "name": "http://shibboleth.internet2.edu/secadv/secadv_20090826.txt",
                  "refsource": "CONFIRM",
                  "url": "http://shibboleth.internet2.edu/secadv/secadv_20090826.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-3476",
        "datePublished": "2009-09-29T23:00:00.000Z",
        "dateReserved": "2009-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-07T06:31:09.966Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-3475 (GCVE-0-2009-3475)

    Vulnerability from nvd – Published: 2009-09-29 23:00 – Updated: 2024-09-17 02:16
    VLAI
    Summary
    Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and 2.x before 2.2.1, when using PKIX trust validation, does not properly handle a '\0' character in the subject or subjectAltName fields of a certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/36876 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2009/dsa-1896 vendor-advisoryx_refsource_DEBIAN
    http://www.debian.org/security/2009/dsa-1895 vendor-advisoryx_refsource_DEBIAN
    http://shibboleth.internet2.edu/secadv/secadv_200… x_refsource_CONFIRM
    http://secunia.com/advisories/36861 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/36855 third-party-advisoryx_refsource_SECUNIA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T06:31:10.427Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "36876",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36876"
              },
              {
                "name": "DSA-1896",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2009/dsa-1896"
              },
              {
                "name": "DSA-1895",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2009/dsa-1895"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://shibboleth.internet2.edu/secadv/secadv_20090817.txt"
              },
              {
                "name": "36861",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36861"
              },
              {
                "name": "36855",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36855"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and 2.x before 2.2.1, when using PKIX trust validation, does not properly handle a \u0027\\0\u0027 character in the subject or subjectAltName fields of a certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2009-09-29T23:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "36876",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36876"
            },
            {
              "name": "DSA-1896",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2009/dsa-1896"
            },
            {
              "name": "DSA-1895",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2009/dsa-1895"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://shibboleth.internet2.edu/secadv/secadv_20090817.txt"
            },
            {
              "name": "36861",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36861"
            },
            {
              "name": "36855",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36855"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-3475",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and 2.x before 2.2.1, when using PKIX trust validation, does not properly handle a \u0027\\0\u0027 character in the subject or subjectAltName fields of a certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "36876",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36876"
                },
                {
                  "name": "DSA-1896",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2009/dsa-1896"
                },
                {
                  "name": "DSA-1895",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2009/dsa-1895"
                },
                {
                  "name": "http://shibboleth.internet2.edu/secadv/secadv_20090817.txt",
                  "refsource": "CONFIRM",
                  "url": "http://shibboleth.internet2.edu/secadv/secadv_20090817.txt"
                },
                {
                  "name": "36861",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36861"
                },
                {
                  "name": "36855",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36855"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-3475",
        "datePublished": "2009-09-29T23:00:00.000Z",
        "dateReserved": "2009-09-29T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:16:57.067Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-3474 (GCVE-0-2009-3474)

    Vulnerability from nvd – Published: 2009-09-29 23:00 – Updated: 2024-08-07 06:31
    VLAI
    Summary
    OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just one purpose, potentially weakening the intended security application of the certificate.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/36516 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://shibboleth.internet2.edu/secadv/secadv_200… x_refsource_CONFIRM
    http://secunia.com/advisories/36876 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2009/dsa-1896 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/36868 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2009/dsa-1895 vendor-advisoryx_refsource_DEBIAN
    https://bugs.internet2.edu/jira/browse/CPPOST-28 x_refsource_CONFIRM
    http://secunia.com/advisories/36855 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2009-08-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T06:31:10.133Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "36516",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/36516"
              },
              {
                "name": "opensaml-keydescriptor-security-bypass(53474)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53474"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://shibboleth.internet2.edu/secadv/secadv_20090817a.txt"
              },
              {
                "name": "36876",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36876"
              },
              {
                "name": "DSA-1896",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2009/dsa-1896"
              },
              {
                "name": "36868",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36868"
              },
              {
                "name": "DSA-1895",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2009/dsa-1895"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.internet2.edu/jira/browse/CPPOST-28"
              },
              {
                "name": "36855",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36855"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-08-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element\u0027s Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just one purpose, potentially weakening the intended security application of the certificate."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "36516",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/36516"
            },
            {
              "name": "opensaml-keydescriptor-security-bypass(53474)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53474"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://shibboleth.internet2.edu/secadv/secadv_20090817a.txt"
            },
            {
              "name": "36876",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36876"
            },
            {
              "name": "DSA-1896",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2009/dsa-1896"
            },
            {
              "name": "36868",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36868"
            },
            {
              "name": "DSA-1895",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2009/dsa-1895"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.internet2.edu/jira/browse/CPPOST-28"
            },
            {
              "name": "36855",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36855"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-3474",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element\u0027s Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just one purpose, potentially weakening the intended security application of the certificate."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "36516",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/36516"
                },
                {
                  "name": "opensaml-keydescriptor-security-bypass(53474)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53474"
                },
                {
                  "name": "http://shibboleth.internet2.edu/secadv/secadv_20090817a.txt",
                  "refsource": "CONFIRM",
                  "url": "http://shibboleth.internet2.edu/secadv/secadv_20090817a.txt"
                },
                {
                  "name": "36876",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36876"
                },
                {
                  "name": "DSA-1896",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2009/dsa-1896"
                },
                {
                  "name": "36868",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36868"
                },
                {
                  "name": "DSA-1895",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2009/dsa-1895"
                },
                {
                  "name": "https://bugs.internet2.edu/jira/browse/CPPOST-28",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.internet2.edu/jira/browse/CPPOST-28"
                },
                {
                  "name": "36855",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36855"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-3474",
        "datePublished": "2009-09-29T23:00:00.000Z",
        "dateReserved": "2009-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-07T06:31:10.133Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-3474 (GCVE-0-2009-3474)

    Vulnerability from cvelistv5 – Published: 2009-09-29 23:00 – Updated: 2024-08-07 06:31
    VLAI
    Summary
    OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just one purpose, potentially weakening the intended security application of the certificate.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/36516 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://shibboleth.internet2.edu/secadv/secadv_200… x_refsource_CONFIRM
    http://secunia.com/advisories/36876 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2009/dsa-1896 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/36868 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2009/dsa-1895 vendor-advisoryx_refsource_DEBIAN
    https://bugs.internet2.edu/jira/browse/CPPOST-28 x_refsource_CONFIRM
    http://secunia.com/advisories/36855 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2009-08-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T06:31:10.133Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "36516",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/36516"
              },
              {
                "name": "opensaml-keydescriptor-security-bypass(53474)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53474"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://shibboleth.internet2.edu/secadv/secadv_20090817a.txt"
              },
              {
                "name": "36876",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36876"
              },
              {
                "name": "DSA-1896",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2009/dsa-1896"
              },
              {
                "name": "36868",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36868"
              },
              {
                "name": "DSA-1895",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2009/dsa-1895"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.internet2.edu/jira/browse/CPPOST-28"
              },
              {
                "name": "36855",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36855"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-08-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element\u0027s Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just one purpose, potentially weakening the intended security application of the certificate."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "36516",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/36516"
            },
            {
              "name": "opensaml-keydescriptor-security-bypass(53474)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53474"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://shibboleth.internet2.edu/secadv/secadv_20090817a.txt"
            },
            {
              "name": "36876",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36876"
            },
            {
              "name": "DSA-1896",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2009/dsa-1896"
            },
            {
              "name": "36868",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36868"
            },
            {
              "name": "DSA-1895",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2009/dsa-1895"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.internet2.edu/jira/browse/CPPOST-28"
            },
            {
              "name": "36855",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36855"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-3474",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element\u0027s Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just one purpose, potentially weakening the intended security application of the certificate."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "36516",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/36516"
                },
                {
                  "name": "opensaml-keydescriptor-security-bypass(53474)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53474"
                },
                {
                  "name": "http://shibboleth.internet2.edu/secadv/secadv_20090817a.txt",
                  "refsource": "CONFIRM",
                  "url": "http://shibboleth.internet2.edu/secadv/secadv_20090817a.txt"
                },
                {
                  "name": "36876",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36876"
                },
                {
                  "name": "DSA-1896",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2009/dsa-1896"
                },
                {
                  "name": "36868",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36868"
                },
                {
                  "name": "DSA-1895",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2009/dsa-1895"
                },
                {
                  "name": "https://bugs.internet2.edu/jira/browse/CPPOST-28",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.internet2.edu/jira/browse/CPPOST-28"
                },
                {
                  "name": "36855",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36855"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-3474",
        "datePublished": "2009-09-29T23:00:00.000Z",
        "dateReserved": "2009-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-07T06:31:10.133Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-3475 (GCVE-0-2009-3475)

    Vulnerability from cvelistv5 – Published: 2009-09-29 23:00 – Updated: 2024-09-17 02:16
    VLAI
    Summary
    Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and 2.x before 2.2.1, when using PKIX trust validation, does not properly handle a '\0' character in the subject or subjectAltName fields of a certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/36876 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2009/dsa-1896 vendor-advisoryx_refsource_DEBIAN
    http://www.debian.org/security/2009/dsa-1895 vendor-advisoryx_refsource_DEBIAN
    http://shibboleth.internet2.edu/secadv/secadv_200… x_refsource_CONFIRM
    http://secunia.com/advisories/36861 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/36855 third-party-advisoryx_refsource_SECUNIA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T06:31:10.427Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "36876",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36876"
              },
              {
                "name": "DSA-1896",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2009/dsa-1896"
              },
              {
                "name": "DSA-1895",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2009/dsa-1895"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://shibboleth.internet2.edu/secadv/secadv_20090817.txt"
              },
              {
                "name": "36861",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36861"
              },
              {
                "name": "36855",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36855"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and 2.x before 2.2.1, when using PKIX trust validation, does not properly handle a \u0027\\0\u0027 character in the subject or subjectAltName fields of a certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2009-09-29T23:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "36876",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36876"
            },
            {
              "name": "DSA-1896",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2009/dsa-1896"
            },
            {
              "name": "DSA-1895",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2009/dsa-1895"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://shibboleth.internet2.edu/secadv/secadv_20090817.txt"
            },
            {
              "name": "36861",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36861"
            },
            {
              "name": "36855",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36855"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-3475",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and 2.x before 2.2.1, when using PKIX trust validation, does not properly handle a \u0027\\0\u0027 character in the subject or subjectAltName fields of a certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "36876",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36876"
                },
                {
                  "name": "DSA-1896",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2009/dsa-1896"
                },
                {
                  "name": "DSA-1895",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2009/dsa-1895"
                },
                {
                  "name": "http://shibboleth.internet2.edu/secadv/secadv_20090817.txt",
                  "refsource": "CONFIRM",
                  "url": "http://shibboleth.internet2.edu/secadv/secadv_20090817.txt"
                },
                {
                  "name": "36861",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36861"
                },
                {
                  "name": "36855",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36855"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-3475",
        "datePublished": "2009-09-29T23:00:00.000Z",
        "dateReserved": "2009-09-29T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:16:57.067Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-3476 (GCVE-0-2009-3476)

    Vulnerability from cvelistv5 – Published: 2009-09-29 23:00 – Updated: 2024-08-07 06:31
    VLAI
    Summary
    Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed encoded URL.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/36870 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/36514 vdb-entryx_refsource_BID
    http://secunia.com/advisories/36869 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://shibboleth.internet2.edu/secadv/secadv_200… x_refsource_CONFIRM
    Date Public
    2009-08-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T06:31:09.966Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "36870",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36870"
              },
              {
                "name": "36514",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/36514"
              },
              {
                "name": "36869",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36869"
              },
              {
                "name": "opensaml-xmltooling-url-bo(53471)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53471"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://shibboleth.internet2.edu/secadv/secadv_20090826.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-08-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed encoded URL."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "36870",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36870"
            },
            {
              "name": "36514",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/36514"
            },
            {
              "name": "36869",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36869"
            },
            {
              "name": "opensaml-xmltooling-url-bo(53471)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53471"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://shibboleth.internet2.edu/secadv/secadv_20090826.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-3476",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed encoded URL."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "36870",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36870"
                },
                {
                  "name": "36514",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/36514"
                },
                {
                  "name": "36869",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36869"
                },
                {
                  "name": "opensaml-xmltooling-url-bo(53471)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53471"
                },
                {
                  "name": "http://shibboleth.internet2.edu/secadv/secadv_20090826.txt",
                  "refsource": "CONFIRM",
                  "url": "http://shibboleth.internet2.edu/secadv/secadv_20090826.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-3476",
        "datePublished": "2009-09-29T23:00:00.000Z",
        "dateReserved": "2009-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-07T06:31:09.966Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }