CVE-2009-3476
Published Sep 29, 2009
Last updated 7 years ago
Overview
- Description
- Buffer overflow in OpenSAML before 1.1.3 (as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4) and in XMLTooling before 1.2.2 (as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1) allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a malformed encoded URL. Both affected lines are covered: deployments on the 1.3.x branch depend on the OpenSAML fix, and deployments on the 2.x branch depend on the XMLTooling fix.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 9.3
- Impact score
- 10
- Exploitability score
- 8.6
- Vector string
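- AV:N/AC:M/Au:N/C:C/I:C/A:C (network attack vector, medium access complexity, no authentication required; complete confidentiality, integrity and availability impact)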
Weaknesses
- nvd@nist.gov
- CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
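Configurations (each top-level entry is an AND of two OR-groups: a system matches when one of the listed library versions and one of the listed Shibboleth SP versions are both present. The list enumerates individual versions and may not include every release inside the ranges given in the description, so check installed versions against those ranges as well.)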
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:internet2:shibboleth-sp:1.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE02AD93-8ED6-46F1-81D8-B70CB9EB79BF" }, { "criteria": "cpe:2.3:a:internet2:shibboleth-sp:1.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6CF3BEC-262B-4901-8D73-D8BB1869A166" }, { "criteria": "cpe:2.3:a:internet2:shibboleth-sp:1.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C44598D-2BB6-48AB-81E8-3789D0056B68" }, { "criteria": "cpe:2.3:a:internet2:shibboleth-sp:1.3f:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4515685C-B170-4829-9261-8FAD5C9F1874" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:internet2:opensaml:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "619E183F-BAA6-4964-8B58-175856734146" }, { "criteria": "cpe:2.3:a:internet2:opensaml:1.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "759EB34A-48FB-43E8-9030-545E41622371" } ], "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:internet2:xmltooling:1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2D36F93-B9DE-422C-AD73-3D8AA58DB6BE" }, { "criteria": "cpe:2.3:a:internet2:xmltooling:1.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5FCBF08-0DD9-4899-B4F5-5D7BFB0B5830" }, { "criteria": "cpe:2.3:a:internet2:xmltooling:1.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5457FF44-CB80-486B-B3B2-D40F34565976" }, { "criteria": "cpe:2.3:a:internet2:xmltooling:1.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C3A371A-AF3E-44E5-8854-C5D61FF5660C" }, { "criteria": "cpe:2.3:a:internet2:xmltooling:1.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB54B310-7562-48E3-A514-04D70AF7A28B" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:internet2:shibboleth-sp:2.0:*:*:*:*:*:*:*", "vulnerable": true, 
"matchCriteriaId": "8FC9CB94-188C-4BE2-AD8E-EBBA5BA3731E" }, { "criteria": "cpe:2.3:a:internet2:shibboleth-sp:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9E3DA80-673A-47D7-BDE2-0AC112BB6C4C" }, { "criteria": "cpe:2.3:a:internet2:shibboleth-sp:2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "673CCD0B-9202-4EBA-96B2-11A438E8D464" } ], "operator": "OR" } ], "operator": "AND" } ]