
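    4 vulnerabilities found for xmltooling-c by shibboleth (two distinct CVEs, CVE-2018-0489 and CVE-2018-0486, each listed once from nvd and once from cvelistv5)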

    CVE-2018-0489 (GCVE-0-2018-0489)

    Vulnerability from nvd – Published: 2018-02-27 15:00 – Updated: 2024-08-05 03:28
    VLAI
    Summary
    Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this issue exists because of an incomplete fix for CVE-2018-0486.
    Severity
    No CVSS data available.
    CWE
    • obtain sensitive information or conduct impersonation attacks
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Shibboleth XMLTooling-C before 1.6.4 Affected: Shibboleth XMLTooling-C before 1.6.4
    Date Public
    2018-02-27 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:28:11.071Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1040435",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040435"
              },
              {
                "name": "103172",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103172"
              },
              {
                "name": "DSA-4126",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4126"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://shibboleth.net/community/advisories/secadv_20180227.txt"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-003.txt"
              },
              {
                "name": "[debian-lts-announce] 20180228 [SECURITY] [DLA 1296-1] xmltooling security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00031.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Shibboleth XMLTooling-C before 1.6.4",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Shibboleth XMLTooling-C before 1.6.4"
                }
              ]
            }
          ],
          "datePublic": "2018-02-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this issue exists because of an incomplete fix for CVE-2018-0486."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "obtain sensitive information or conduct impersonation attacks",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-22T09:57:01.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "name": "1040435",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040435"
            },
            {
              "name": "103172",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103172"
            },
            {
              "name": "DSA-4126",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4126"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://shibboleth.net/community/advisories/secadv_20180227.txt"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-003.txt"
            },
            {
              "name": "[debian-lts-announce] 20180228 [SECURITY] [DLA 1296-1] xmltooling security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00031.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "ID": "CVE-2018-0489",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Shibboleth XMLTooling-C before 1.6.4",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Shibboleth XMLTooling-C before 1.6.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this issue exists because of an incomplete fix for CVE-2018-0486."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "obtain sensitive information or conduct impersonation attacks"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1040435",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040435"
                },
                {
                  "name": "103172",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103172"
                },
                {
                  "name": "DSA-4126",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4126"
                },
                {
                  "name": "https://shibboleth.net/community/advisories/secadv_20180227.txt",
                  "refsource": "CONFIRM",
                  "url": "https://shibboleth.net/community/advisories/secadv_20180227.txt"
                },
                {
                  "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-003.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-003.txt"
                },
                {
                  "name": "[debian-lts-announce] 20180228 [SECURITY] [DLA 1296-1] xmltooling security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00031.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2018-0489",
        "datePublished": "2018-02-27T15:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:28:11.071Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0486 (GCVE-0-2018-0486)

    Vulnerability from nvd – Published: 2018-01-13 18:00 – Updated: 2024-08-05 03:28
    VLAI
    Summary
    Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD.
    Severity
    No CVSS data available.
    CWE
    • mishandles digital signatures
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a XMLTooling-C before 1.6.3 Affected: XMLTooling-C before 1.6.3
    Date Public
    2018-01-13 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:28:11.047Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-4085",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4085"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-security-announce/2018/msg00007.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://shibboleth.net/community/advisories/secadv_20180112.txt"
              },
              {
                "name": "[debian-lts-announce] 20180114 [SECURITY] [DLA 1242-1] xmltooling security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00016.html"
              },
              {
                "name": "1040177",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040177"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "XMLTooling-C before 1.6.3",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "XMLTooling-C before 1.6.3"
                }
              ]
            }
          ],
          "datePublic": "2018-01-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "mishandles digital signatures",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-02-02T10:57:01.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "name": "DSA-4085",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4085"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.debian.org/debian-security-announce/2018/msg00007.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://shibboleth.net/community/advisories/secadv_20180112.txt"
            },
            {
              "name": "[debian-lts-announce] 20180114 [SECURITY] [DLA 1242-1] xmltooling security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00016.html"
            },
            {
              "name": "1040177",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040177"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "ID": "CVE-2018-0486",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "XMLTooling-C before 1.6.3",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "XMLTooling-C before 1.6.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "mishandles digital signatures"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-4085",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4085"
                },
                {
                  "name": "https://lists.debian.org/debian-security-announce/2018/msg00007.html",
                  "refsource": "MISC",
                  "url": "https://lists.debian.org/debian-security-announce/2018/msg00007.html"
                },
                {
                  "name": "https://shibboleth.net/community/advisories/secadv_20180112.txt",
                  "refsource": "MISC",
                  "url": "https://shibboleth.net/community/advisories/secadv_20180112.txt"
                },
                {
                  "name": "[debian-lts-announce] 20180114 [SECURITY] [DLA 1242-1] xmltooling security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00016.html"
                },
                {
                  "name": "1040177",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040177"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2018-0486",
        "datePublished": "2018-01-13T18:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:28:11.047Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0489 (GCVE-0-2018-0489)

    Vulnerability from cvelistv5 – Published: 2018-02-27 15:00 – Updated: 2024-08-05 03:28
    VLAI
    Summary
    Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this issue exists because of an incomplete fix for CVE-2018-0486.
    Severity
    No CVSS data available.
    CWE
    • obtain sensitive information or conduct impersonation attacks
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Shibboleth XMLTooling-C before 1.6.4 Affected: Shibboleth XMLTooling-C before 1.6.4
    Date Public
    2018-02-27 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:28:11.071Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1040435",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040435"
              },
              {
                "name": "103172",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103172"
              },
              {
                "name": "DSA-4126",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4126"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://shibboleth.net/community/advisories/secadv_20180227.txt"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-003.txt"
              },
              {
                "name": "[debian-lts-announce] 20180228 [SECURITY] [DLA 1296-1] xmltooling security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00031.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Shibboleth XMLTooling-C before 1.6.4",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Shibboleth XMLTooling-C before 1.6.4"
                }
              ]
            }
          ],
          "datePublic": "2018-02-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this issue exists because of an incomplete fix for CVE-2018-0486."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "obtain sensitive information or conduct impersonation attacks",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-22T09:57:01.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "name": "1040435",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040435"
            },
            {
              "name": "103172",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103172"
            },
            {
              "name": "DSA-4126",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4126"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://shibboleth.net/community/advisories/secadv_20180227.txt"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-003.txt"
            },
            {
              "name": "[debian-lts-announce] 20180228 [SECURITY] [DLA 1296-1] xmltooling security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00031.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "ID": "CVE-2018-0489",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Shibboleth XMLTooling-C before 1.6.4",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Shibboleth XMLTooling-C before 1.6.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this issue exists because of an incomplete fix for CVE-2018-0486."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "obtain sensitive information or conduct impersonation attacks"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1040435",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040435"
                },
                {
                  "name": "103172",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103172"
                },
                {
                  "name": "DSA-4126",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4126"
                },
                {
                  "name": "https://shibboleth.net/community/advisories/secadv_20180227.txt",
                  "refsource": "CONFIRM",
                  "url": "https://shibboleth.net/community/advisories/secadv_20180227.txt"
                },
                {
                  "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-003.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-003.txt"
                },
                {
                  "name": "[debian-lts-announce] 20180228 [SECURITY] [DLA 1296-1] xmltooling security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00031.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2018-0489",
        "datePublished": "2018-02-27T15:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:28:11.071Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0486 (GCVE-0-2018-0486)

    Vulnerability from cvelistv5 – Published: 2018-01-13 18:00 – Updated: 2024-08-05 03:28
    VLAI
    Summary
    Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD.
    Severity
    No CVSS data available.
    CWE
    • mishandles digital signatures
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a XMLTooling-C before 1.6.3 Affected: XMLTooling-C before 1.6.3
    Date Public
    2018-01-13 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:28:11.047Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-4085",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4085"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-security-announce/2018/msg00007.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://shibboleth.net/community/advisories/secadv_20180112.txt"
              },
              {
                "name": "[debian-lts-announce] 20180114 [SECURITY] [DLA 1242-1] xmltooling security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00016.html"
              },
              {
                "name": "1040177",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040177"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "XMLTooling-C before 1.6.3",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "XMLTooling-C before 1.6.3"
                }
              ]
            }
          ],
          "datePublic": "2018-01-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "mishandles digital signatures",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-02-02T10:57:01.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "name": "DSA-4085",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4085"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.debian.org/debian-security-announce/2018/msg00007.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://shibboleth.net/community/advisories/secadv_20180112.txt"
            },
            {
              "name": "[debian-lts-announce] 20180114 [SECURITY] [DLA 1242-1] xmltooling security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00016.html"
            },
            {
              "name": "1040177",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040177"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "ID": "CVE-2018-0486",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "XMLTooling-C before 1.6.3",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "XMLTooling-C before 1.6.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "mishandles digital signatures"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-4085",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4085"
                },
                {
                  "name": "https://lists.debian.org/debian-security-announce/2018/msg00007.html",
                  "refsource": "MISC",
                  "url": "https://lists.debian.org/debian-security-announce/2018/msg00007.html"
                },
                {
                  "name": "https://shibboleth.net/community/advisories/secadv_20180112.txt",
                  "refsource": "MISC",
                  "url": "https://shibboleth.net/community/advisories/secadv_20180112.txt"
                },
                {
                  "name": "[debian-lts-announce] 20180114 [SECURITY] [DLA 1242-1] xmltooling security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00016.html"
                },
                {
                  "name": "1040177",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040177"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2018-0486",
        "datePublished": "2018-01-13T18:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:28:11.047Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }