CVE-2011-2516
Published Jul 11, 2011
Last updated 2 years ago
Overview
- Description
- Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
- Source
- secalert@redhat.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:N/A:P
Weaknesses
- nvd@nist.gov
- CWE-189
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:xml_security_for_c\\+\\+:1.6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7D0DC1ED-A147-44FA-9A4D-364B98921C35"
},
{
"criteria": "cpe:2.3:a:shibboleth:shibboleth-sp:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8EE01141-059F-404B-87BC-B4D88E2BF547",
"versionEndIncluding": "2.4.2"
},
{
"criteria": "cpe:2.3:a:shibboleth:shibboleth-sp:1.3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5043D47F-AF0F-4DFD-854F-6D135EC62BBB"
},
{
"criteria": "cpe:2.3:a:shibboleth:shibboleth-sp:1.3.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C25906CE-5945-417F-975C-60D54544603E"
},
{
"criteria": "cpe:2.3:a:shibboleth:shibboleth-sp:1.3.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B3BF8C04-9F3E-4CF4-B52A-FBDEE44D7859"
},
{
"criteria": "cpe:2.3:a:shibboleth:shibboleth-sp:1.3.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BC5A13CD-7608-4C29-8EF8-88C37E895D4C"
},
{
"criteria": "cpe:2.3:a:shibboleth:shibboleth-sp:1.3.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "24024881-F6D9-41FD-86C4-7F76975A42DC"
},
{
"criteria": "cpe:2.3:a:shibboleth:shibboleth-sp:1.3f:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7B29C5BE-1AB0-4D60-B486-52E3AE336717"
},
{
"criteria": "cpe:2.3:a:shibboleth:shibboleth-sp:2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2BA0FD6B-C0D0-4789-9B15-AD8D12F52B6D"
},
{
"criteria": "cpe:2.3:a:shibboleth:shibboleth-sp:2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "39F2B89D-387F-4834-8039-4E55338FC5D1"
},
{
"criteria": "cpe:2.3:a:shibboleth:shibboleth-sp:2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "70753E30-5E8B-4882-BA4F-6448F29ED790"
},
{
"criteria": "cpe:2.3:a:shibboleth:shibboleth-sp:2.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C5C0B7D3-6ACD-4D65-8707-54B77065A577"
},
{
"criteria": "cpe:2.3:a:shibboleth:shibboleth-sp:2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "47310E84-9F85-4914-B831-A9CC2605330F"
},
{
"criteria": "cpe:2.3:a:shibboleth:shibboleth-sp:2.3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "978A7038-2308-46CE-B640-73FDA477F185"
},
{
"criteria": "cpe:2.3:a:shibboleth:shibboleth-sp:2.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0A31CFC1-DA8F-4022-97DB-985EB98ED1D4"
},
{
"criteria": "cpe:2.3:a:shibboleth:shibboleth-sp:2.4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DC2315E9-D1DA-4C63-B710-445FAAC31EEE"
}
],
"operator": "OR"
}
]
}
]