5.8
CVE-2011-4314
- EPSS 3.2%
- Veröffentlicht 27.01.2012 15:55:04
- Zuletzt bearbeitet 16.06.2026 23:34:45
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Kay Framework Project ≫ Kay Framework Version <= 1.0.1
Kay Framework Project ≫ Kay Framework Version0.0.0 Update-
Kay Framework Project ≫ Kay Framework Version0.1.0
Kay Framework Project ≫ Kay Framework Version0.2.0
Kay Framework Project ≫ Kay Framework Version0.3.0
Kay Framework Project ≫ Kay Framework Version0.8.0
Kay Framework Project ≫ Kay Framework Version1.0.0
Openid ≫ Openid4java Version <= 0.9.5.593
Openid ≫ Openid4java Version0.9.2
Openid ≫ Openid4java Version0.9.3
Openid ≫ Openid4java Version0.9.4.339
Redhat ≫ Jboss Enterprise Application Platform Version5.1.0
Redhat ≫ Jboss Enterprise Application Platform Version5.1.1
Redhat ≫ Jboss Enterprise Application Platform Version5.1.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.2% | 0.865 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.8 | 8.6 | 4.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://openid.net/2011/05/05/attribute-exchange-security-alert/
http://rhn.redhat.com/errata/RHSA-2012-0441.html
http://rhn.redhat.com/errata/RHSA-2012-0519.html
http://secunia.com/advisories/44496
http://secunia.com/advisories/48697
http://secunia.com/advisories/48954
http://securitytracker.com/id?1026400
http://www.openwall.com/lists/oss-security/2011/11/16/1
http://www.openwall.com/lists/oss-security/2011/11/17/1
http://www.redhat.com/support/errata/RHSA-2011-1804.html
https://issues.jboss.org/browse/JBEPP-1368
https://issues.jboss.org/browse/SOA-3597