CVE-2011-4314
N/A
N/A
Summary
message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.redhat.com/support/errata/RHSA-2011-1804.html
- http://secunia.com/advisories/44496
- http://openid.net/2011/05/05/attribute-exchange-security-alert/
- http://rhn.redhat.com/errata/RHSA-2012-0519.html
- http://secunia.com/advisories/48954
- http://rhn.redhat.com/errata/RHSA-2012-0441.html
- http://www.openwall.com/lists/oss-security/2011/11/16/1
- https://issues.jboss.org/browse/SOA-3597
- https://issues.jboss.org/browse/JBEPP-1368
- http://securitytracker.com/id?1026400
- http://www.openwall.com/lists/oss-security/2011/11/17/1
- http://secunia.com/advisories/48697
References
- http://www.redhat.com/support/errata/RHSA-2011-1804.html
- http://secunia.com/advisories/44496
- http://openid.net/2011/05/05/attribute-exchange-security-alert/
- http://rhn.redhat.com/errata/RHSA-2012-0519.html
- http://secunia.com/advisories/48954
- http://rhn.redhat.com/errata/RHSA-2012-0441.html
- http://www.openwall.com/lists/oss-security/2011/11/16/1
- https://issues.jboss.org/browse/SOA-3597
- https://issues.jboss.org/browse/JBEPP-1368
- http://securitytracker.com/id?1026400
- http://www.openwall.com/lists/oss-security/2011/11/17/1
- http://secunia.com/advisories/48697
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.