CVE-2018-0486
N/A
N/A
Summary
Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | XMLTooling-C before 1.6.3 | XMLTooling-C before 1.6.3 | affected |
Weaknesses
- mishandles digital signatures
ADP Enrichment
CVE Program Container
Additional References
- https://www.debian.org/security/2018/dsa-4085
- https://lists.debian.org/debian-security-announce/2018/msg00007.html
- https://shibboleth.net/community/advisories/secadv_20180112.txt
- https://lists.debian.org/debian-lts-announce/2018/01/msg00016.html
- http://www.securitytracker.com/id/1040177
References
- https://www.debian.org/security/2018/dsa-4085
- https://lists.debian.org/debian-security-announce/2018/msg00007.html
- https://shibboleth.net/community/advisories/secadv_20180112.txt
- https://lists.debian.org/debian-lts-announce/2018/01/msg00016.html
- http://www.securitytracker.com/id/1040177
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.