Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Debian Security Advisory DSA 1947-1 (shibboleth-sp, shibboleth-sp2, opensaml2)

Information

Severity

Severity

Low

Family

Family

Debian Local Security Checks

CVSSv2 Base

CVSSv2 Base

2.6

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:H/Au:N/C:N/I:P/A:N

Solution Type

Solution Type

Vendor Patch

Created

Created

12 years ago

Modified

Modified

5 years ago

Summary

The remote host is missing an update to shibboleth-sp, shibboleth-sp2, opensaml2 announced via advisory DSA 1947-1.

Insight

Insight

Matt Elder discovered that Shibboleth, a federated web single sign-on system is vulnerable to script injection through redirection URLs. More details can be found in the Shibboleth advisory at http://shibboleth.internet2.edu/secadv/secadv_20091104.txt For the old stable distribution (etch), this problem has been fixed in version 1.3f.dfsg1-2+etch2 of shibboleth-sp. For the stable distribution (lenny), this problem has been fixed in version 1.3.1.dfsg1-3+lenny2 of shibboleth-sp, version 2.0.dfsg1-4+lenny2 of shibboleth-sp2 and version 2.0-2+lenny2 of opensaml2. For the unstable distribution (sid), this problem has been fixed in version 2.3+dfsg-1 of shibboleth-sp2, version 2.3-1 of opensaml2 and version 1.3.1-1 of xmltooling. We recommend that you upgrade your Shibboleth packages.

Solution

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201947-1

Common Vulnerabilities and Exposures (CVE)