5
CVE-2011-2516
- EPSS 7.3%
- Published 11.07.2011 20:55:01
- Last modified 11.04.2025 00:51:21
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
Data is provided by the National Vulnerability Database (NVD)
Shibboleth ≫ Shibboleth-sp Version <= 2.4.2
Shibboleth ≫ Shibboleth-sp Version1.3.1
Shibboleth ≫ Shibboleth-sp Version1.3.2
Shibboleth ≫ Shibboleth-sp Version1.3.3
Shibboleth ≫ Shibboleth-sp Version1.3.4
Shibboleth ≫ Shibboleth-sp Version1.3.5
Shibboleth ≫ Shibboleth-sp Version1.3f
Shibboleth ≫ Shibboleth-sp Version2.0
Shibboleth ≫ Shibboleth-sp Version2.1
Shibboleth ≫ Shibboleth-sp Version2.2
Shibboleth ≫ Shibboleth-sp Version2.2.1
Shibboleth ≫ Shibboleth-sp Version2.3
Shibboleth ≫ Shibboleth-sp Version2.3.1
Shibboleth ≫ Shibboleth-sp Version2.4
Shibboleth ≫ Shibboleth-sp Version2.4.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 7.3% | 0.908 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|