
Test ID: 1.3.6.1.4.1.25623.1.0.813051
Category: General
Title: Shibboleth XMLTooling-C Library Security Bypass Vulnerability
Summary: Shibboleth Service Provider is prone to a security bypass vulnerability.
Description:
Summary:
Shibboleth Service Provider is prone to a security bypass vulnerability.

Vulnerability Insight:
The flaw exists due to limitations in older versions of the XML parser that
make it impossible to fully disable Document Type Definition (DTD) processing.
Through addition or manipulation of a DTD, it is possible to make changes to an
XML document that do not break a digital signature but are mishandled when
processed by the SP and its libraries.

Vulnerability Impact:
Successful exploitation will allow an attacker to bypass the authentication
mechanism and perform unauthorized actions. This may lead to further attacks.

Affected Software/OS:
Shibboleth XMLTooling-C before 1.6.4, as used
in Shibboleth Service Provider before 2.6.1.4.

Solution:
Upgrade to Shibboleth Service Provider release V2.6.1.4 or upgrade the
XMLTooling-C library to version 1.6.4.

CVSS Score:
6.4

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N

Cross-Reference: BugTraq ID: 103172
Common Vulnerability Exposure (CVE) ID: CVE-2018-0489
http://www.securityfocus.com/bid/103172
Debian Security Information: DSA-4126
https://www.debian.org/security/2018/dsa-4126
https://lists.debian.org/debian-lts-announce/2018/02/msg00031.html
http://www.securitytracker.com/id/1040435
Copyright: Copyright (C) 2018 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.