Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2009-3476

Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed encoded URL.

Published

2009-09-29T23:30:00.267

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 9.3 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

8.6

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-119
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application internet2 shibboleth-sp 1.3.1 Yes
Application internet2 shibboleth-sp 1.3.2 Yes
Application internet2 shibboleth-sp 1.3.3 Yes
Application internet2 shibboleth-sp 1.3f Yes
Application internet2 opensaml 1.1 Yes
Application internet2 opensaml 1.1.1 Yes
Application internet2 xmltooling 1.0.1 Yes
Application internet2 xmltooling 1.1.0 Yes
Application internet2 xmltooling 1.1.1 Yes
Application internet2 xmltooling 1.2.0 Yes
Application internet2 xmltooling 1.2.1 Yes
Application internet2 shibboleth-sp 2.0 Yes
Application internet2 shibboleth-sp 2.1 Yes
Application internet2 shibboleth-sp 2.2 Yes
References