CVE-2018-0486

Sažetak

Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD.

Reference

http://www.securitytracker.com/id/1040177
https://lists.debian.org/debian-lts-announce/2018/01/msg00016.html
https://lists.debian.org/debian-security-announce/2018/msg00007.html
https://shibboleth.net/community/advisories/secadv_20180112.txt
https://www.debian.org/security/2018/dsa-4085

CVSS

Base:	6.4
Impact:	4.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

15-02-2018 - 18:24

Objavljeno

13-01-2018 - 18:29