CVE-2009-3476

Sažetak

Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed encoded URL.

Reference

http://secunia.com/advisories/36869
http://secunia.com/advisories/36870
http://shibboleth.internet2.edu/secadv/secadv_20090826.txt
http://www.securityfocus.com/bid/36514
https://exchange.xforce.ibmcloud.com/vulnerabilities/53471

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

17-08-2017 - 01:31

Objavljeno

29-09-2009 - 23:30