shibboleth

xmltooling-c

2 known vulnerabilities · sorted by CVSS score

CVE-2018-0489

Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this issue exists because of an incomplete fix for CVE-2018-0486.

shibboleth / xmltooling-c+5

Network

Published Feb 27, 2018

CVE-2018-0486

MEDIUM6.5

Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD.

shibboleth / xmltooling-c+3

Network

Published Jan 13, 2018