Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

1 vulnerability by kay_framework_project

CVE-2011-4314 (GCVE-0-2011-4314)

Vulnerability from cvelistv5 – Published: 2012-01-27 15:00 – Updated: 2024-08-07 00:01
VLAI?
Summary
message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.redhat.com/support/errata/RHSA-2011-18… vendor-advisoryx_refsource_REDHAT
http://secunia.com/advisories/44496 third-party-advisoryx_refsource_SECUNIA
http://openid.net/2011/05/05/attribute-exchange-s… x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2012-0519.html vendor-advisoryx_refsource_REDHAT
http://secunia.com/advisories/48954 third-party-advisoryx_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2012-0441.html vendor-advisoryx_refsource_REDHAT
http://www.openwall.com/lists/oss-security/2011/11/16/1 mailing-listx_refsource_MLIST
https://issues.jboss.org/browse/SOA-3597 x_refsource_CONFIRM
https://issues.jboss.org/browse/JBEPP-1368 x_refsource_CONFIRM
http://securitytracker.com/id?1026400 vdb-entryx_refsource_SECTRACK
http://www.openwall.com/lists/oss-security/2011/11/17/1 mailing-listx_refsource_MLIST
http://secunia.com/advisories/48697 third-party-advisoryx_refsource_SECUNIA
Date Public ?
2011-11-16 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:01:51.595Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2011:1804",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-1804.html"
          },
          {
            "name": "44496",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44496"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://openid.net/2011/05/05/attribute-exchange-security-alert/"
          },
          {
            "name": "RHSA-2012:0519",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0519.html"
          },
          {
            "name": "48954",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48954"
          },
          {
            "name": "RHSA-2012:0441",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0441.html"
          },
          {
            "name": "[oss-security] 20111116 CVE Request: openid4java not properly verifying the signature of Attribute Exchange (AX) information",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/11/16/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.jboss.org/browse/SOA-3597"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.jboss.org/browse/JBEPP-1368"
          },
          {
            "name": "1026400",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1026400"
          },
          {
            "name": "[oss-security] 20111116 Re: CVE Request: openid4java not properly verifying the signature of Attribute Exchange (AX) information",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/11/17/1"
          },
          {
            "name": "48697",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48697"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-11-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-11-27T10:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2011:1804",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-1804.html"
        },
        {
          "name": "44496",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44496"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://openid.net/2011/05/05/attribute-exchange-security-alert/"
        },
        {
          "name": "RHSA-2012:0519",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0519.html"
        },
        {
          "name": "48954",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48954"
        },
        {
          "name": "RHSA-2012:0441",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0441.html"
        },
        {
          "name": "[oss-security] 20111116 CVE Request: openid4java not properly verifying the signature of Attribute Exchange (AX) information",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/11/16/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.jboss.org/browse/SOA-3597"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.jboss.org/browse/JBEPP-1368"
        },
        {
          "name": "1026400",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1026400"
        },
        {
          "name": "[oss-security] 20111116 Re: CVE Request: openid4java not properly verifying the signature of Attribute Exchange (AX) information",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/11/17/1"
        },
        {
          "name": "48697",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48697"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-4314",
    "datePublished": "2012-01-27T15:00:00.000Z",
    "dateReserved": "2011-11-04T00:00:00.000Z",
    "dateUpdated": "2024-08-07T00:01:51.595Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}