Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for xmltooling by internet2

    CVE-2009-3476 (GCVE-0-2009-3476)

    Vulnerability from nvd – Published: 2009-09-29 23:00 – Updated: 2024-08-07 06:31
    VLAI
    Summary
    Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed encoded URL.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/36870 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/36514 vdb-entryx_refsource_BID
    http://secunia.com/advisories/36869 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://shibboleth.internet2.edu/secadv/secadv_200… x_refsource_CONFIRM
    Date Public
    2009-08-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T06:31:09.966Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "36870",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36870"
              },
              {
                "name": "36514",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/36514"
              },
              {
                "name": "36869",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36869"
              },
              {
                "name": "opensaml-xmltooling-url-bo(53471)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53471"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://shibboleth.internet2.edu/secadv/secadv_20090826.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-08-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed encoded URL."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "36870",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36870"
            },
            {
              "name": "36514",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/36514"
            },
            {
              "name": "36869",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36869"
            },
            {
              "name": "opensaml-xmltooling-url-bo(53471)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53471"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://shibboleth.internet2.edu/secadv/secadv_20090826.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-3476",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed encoded URL."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "36870",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36870"
                },
                {
                  "name": "36514",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/36514"
                },
                {
                  "name": "36869",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36869"
                },
                {
                  "name": "opensaml-xmltooling-url-bo(53471)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53471"
                },
                {
                  "name": "http://shibboleth.internet2.edu/secadv/secadv_20090826.txt",
                  "refsource": "CONFIRM",
                  "url": "http://shibboleth.internet2.edu/secadv/secadv_20090826.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-3476",
        "datePublished": "2009-09-29T23:00:00.000Z",
        "dateReserved": "2009-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-07T06:31:09.966Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-3474 (GCVE-0-2009-3474)

    Vulnerability from nvd – Published: 2009-09-29 23:00 – Updated: 2024-08-07 06:31
    VLAI
    Summary
    OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just one purpose, potentially weakening the intended security application of the certificate.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/36516 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://shibboleth.internet2.edu/secadv/secadv_200… x_refsource_CONFIRM
    http://secunia.com/advisories/36876 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2009/dsa-1896 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/36868 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2009/dsa-1895 vendor-advisoryx_refsource_DEBIAN
    https://bugs.internet2.edu/jira/browse/CPPOST-28 x_refsource_CONFIRM
    http://secunia.com/advisories/36855 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2009-08-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T06:31:10.133Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "36516",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/36516"
              },
              {
                "name": "opensaml-keydescriptor-security-bypass(53474)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53474"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://shibboleth.internet2.edu/secadv/secadv_20090817a.txt"
              },
              {
                "name": "36876",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36876"
              },
              {
                "name": "DSA-1896",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2009/dsa-1896"
              },
              {
                "name": "36868",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36868"
              },
              {
                "name": "DSA-1895",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2009/dsa-1895"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.internet2.edu/jira/browse/CPPOST-28"
              },
              {
                "name": "36855",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36855"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-08-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element\u0027s Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just one purpose, potentially weakening the intended security application of the certificate."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "36516",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/36516"
            },
            {
              "name": "opensaml-keydescriptor-security-bypass(53474)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53474"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://shibboleth.internet2.edu/secadv/secadv_20090817a.txt"
            },
            {
              "name": "36876",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36876"
            },
            {
              "name": "DSA-1896",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2009/dsa-1896"
            },
            {
              "name": "36868",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36868"
            },
            {
              "name": "DSA-1895",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2009/dsa-1895"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.internet2.edu/jira/browse/CPPOST-28"
            },
            {
              "name": "36855",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36855"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-3474",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element\u0027s Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just one purpose, potentially weakening the intended security application of the certificate."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "36516",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/36516"
                },
                {
                  "name": "opensaml-keydescriptor-security-bypass(53474)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53474"
                },
                {
                  "name": "http://shibboleth.internet2.edu/secadv/secadv_20090817a.txt",
                  "refsource": "CONFIRM",
                  "url": "http://shibboleth.internet2.edu/secadv/secadv_20090817a.txt"
                },
                {
                  "name": "36876",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36876"
                },
                {
                  "name": "DSA-1896",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2009/dsa-1896"
                },
                {
                  "name": "36868",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36868"
                },
                {
                  "name": "DSA-1895",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2009/dsa-1895"
                },
                {
                  "name": "https://bugs.internet2.edu/jira/browse/CPPOST-28",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.internet2.edu/jira/browse/CPPOST-28"
                },
                {
                  "name": "36855",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36855"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-3474",
        "datePublished": "2009-09-29T23:00:00.000Z",
        "dateReserved": "2009-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-07T06:31:10.133Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-3474 (GCVE-0-2009-3474)

    Vulnerability from cvelistv5 – Published: 2009-09-29 23:00 – Updated: 2024-08-07 06:31
    VLAI
    Summary
    OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just one purpose, potentially weakening the intended security application of the certificate.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/36516 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://shibboleth.internet2.edu/secadv/secadv_200… x_refsource_CONFIRM
    http://secunia.com/advisories/36876 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2009/dsa-1896 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/36868 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2009/dsa-1895 vendor-advisoryx_refsource_DEBIAN
    https://bugs.internet2.edu/jira/browse/CPPOST-28 x_refsource_CONFIRM
    http://secunia.com/advisories/36855 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2009-08-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T06:31:10.133Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "36516",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/36516"
              },
              {
                "name": "opensaml-keydescriptor-security-bypass(53474)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53474"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://shibboleth.internet2.edu/secadv/secadv_20090817a.txt"
              },
              {
                "name": "36876",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36876"
              },
              {
                "name": "DSA-1896",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2009/dsa-1896"
              },
              {
                "name": "36868",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36868"
              },
              {
                "name": "DSA-1895",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2009/dsa-1895"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.internet2.edu/jira/browse/CPPOST-28"
              },
              {
                "name": "36855",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36855"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-08-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element\u0027s Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just one purpose, potentially weakening the intended security application of the certificate."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "36516",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/36516"
            },
            {
              "name": "opensaml-keydescriptor-security-bypass(53474)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53474"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://shibboleth.internet2.edu/secadv/secadv_20090817a.txt"
            },
            {
              "name": "36876",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36876"
            },
            {
              "name": "DSA-1896",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2009/dsa-1896"
            },
            {
              "name": "36868",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36868"
            },
            {
              "name": "DSA-1895",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2009/dsa-1895"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.internet2.edu/jira/browse/CPPOST-28"
            },
            {
              "name": "36855",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36855"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-3474",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element\u0027s Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just one purpose, potentially weakening the intended security application of the certificate."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "36516",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/36516"
                },
                {
                  "name": "opensaml-keydescriptor-security-bypass(53474)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53474"
                },
                {
                  "name": "http://shibboleth.internet2.edu/secadv/secadv_20090817a.txt",
                  "refsource": "CONFIRM",
                  "url": "http://shibboleth.internet2.edu/secadv/secadv_20090817a.txt"
                },
                {
                  "name": "36876",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36876"
                },
                {
                  "name": "DSA-1896",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2009/dsa-1896"
                },
                {
                  "name": "36868",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36868"
                },
                {
                  "name": "DSA-1895",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2009/dsa-1895"
                },
                {
                  "name": "https://bugs.internet2.edu/jira/browse/CPPOST-28",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.internet2.edu/jira/browse/CPPOST-28"
                },
                {
                  "name": "36855",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36855"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-3474",
        "datePublished": "2009-09-29T23:00:00.000Z",
        "dateReserved": "2009-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-07T06:31:10.133Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-3476 (GCVE-0-2009-3476)

    Vulnerability from cvelistv5 – Published: 2009-09-29 23:00 – Updated: 2024-08-07 06:31
    VLAI
    Summary
    Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed encoded URL.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/36870 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/36514 vdb-entryx_refsource_BID
    http://secunia.com/advisories/36869 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://shibboleth.internet2.edu/secadv/secadv_200… x_refsource_CONFIRM
    Date Public
    2009-08-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T06:31:09.966Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "36870",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36870"
              },
              {
                "name": "36514",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/36514"
              },
              {
                "name": "36869",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36869"
              },
              {
                "name": "opensaml-xmltooling-url-bo(53471)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53471"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://shibboleth.internet2.edu/secadv/secadv_20090826.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-08-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed encoded URL."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "36870",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36870"
            },
            {
              "name": "36514",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/36514"
            },
            {
              "name": "36869",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36869"
            },
            {
              "name": "opensaml-xmltooling-url-bo(53471)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53471"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://shibboleth.internet2.edu/secadv/secadv_20090826.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-3476",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed encoded URL."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "36870",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36870"
                },
                {
                  "name": "36514",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/36514"
                },
                {
                  "name": "36869",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36869"
                },
                {
                  "name": "opensaml-xmltooling-url-bo(53471)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53471"
                },
                {
                  "name": "http://shibboleth.internet2.edu/secadv/secadv_20090826.txt",
                  "refsource": "CONFIRM",
                  "url": "http://shibboleth.internet2.edu/secadv/secadv_20090826.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-3476",
        "datePublished": "2009-09-29T23:00:00.000Z",
        "dateReserved": "2009-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-07T06:31:09.966Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }