6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
0.004 Low
EPSS
Percentile
74.3%
Shibboleth consortium reports:
Shibboleth SP software vulnerable to forged user attribute data
The Service Provider software relies on a generic XML parser to
process SAML responses and there are limitations in older versions
of the parser that make it impossible to fully disable Document Type
Definition (DTD) processing.
Through addition/manipulation of a DTD, it's possible to make
changes to an XML document that do not break a digital signature but
are mishandled by the SP and its libraries. These manipulations can
alter the user data passed through to applications behind the SP and
result in impersonation attacks and exposure of protected
information.
While newer versions of the xerces-c3 parser are configured by the
SP into disallowing the use of a DTD via an environment variable,
this feature is not present in the xerces-c3 parser before version
3.1.4, so an additional fix is being provided now that an actual DTD
exploit has been identified. Xerces-c3-3.1.4 was committed to the
ports tree already on 2016-07-26.
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
0.004 Low
EPSS
Percentile
74.3%