CVE-2009-3474
First published: Tue Sep 29 2009(Updated: )
OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just one purpose, potentially weakening the intended security application of the certificate.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Internet2 Opensaml | =2.0 | |
| Internet2 Opensaml | =2.1.0 | |
| Internet2 Opensaml | =2.2.0 | |
| Internet2 Xmltooling | =1.0.1 | |
| Internet2 Xmltooling | =1.1.0 | |
| Internet2 Xmltooling | =1.1.1 | |
| Internet2 Xmltooling | =1.2.0 | |
| Internet2 Shibboleth-sp | =1.3.1 | |
| Internet2 Shibboleth-sp | =1.3.2 | |
| Internet2 Shibboleth-sp | =1.3b | |
| Internet2 Shibboleth-sp | =1.3f | |
| Internet2 Shibboleth-sp | =2.0 | |
| Internet2 Shibboleth-sp | =2.1 | |
| Internet2 Shibboleth-sp | =2.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/36876
- http://www.securityfocus.com/bid/36516
- http://secunia.com/advisories/36855
- http://shibboleth.internet2.edu/secadv/secadv_20090817a.txt
- http://secunia.com/advisories/36868
- http://www.debian.org/security/2009/dsa-1895
- https://bugs.internet2.edu/jira/browse/CPPOST-28
- http://www.debian.org/security/2009/dsa-1896
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53474
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/remedy
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/internet2
- canonical/internet2 opensaml
- version/internet2 opensaml/2.0
- version/internet2 opensaml/2.1.0
- version/internet2 opensaml/2.2.0
- canonical/internet2 xmltooling
- version/internet2 xmltooling/1.0.1
- version/internet2 xmltooling/1.1.0
- version/internet2 xmltooling/1.1.1
- version/internet2 xmltooling/1.2.0
- canonical/internet2 shibboleth-sp
- version/internet2 shibboleth-sp/1.3.1
- version/internet2 shibboleth-sp/1.3.2
- version/internet2 shibboleth-sp/1.3b
- version/internet2 shibboleth-sp/1.3f
- version/internet2 shibboleth-sp/2.0
- version/internet2 shibboleth-sp/2.1
- version/internet2 shibboleth-sp/2.2