CVSS2: 7.5 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |

EPSS: 0.007 Low (Percentile: 80.1%)

OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by
Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the
KeyDescriptor element’s Use attribute, which allows remote attackers to use
a certificate for both signing and encryption when it is designated for
just one purpose, potentially weakening the intended security application
of the certificate.
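
The key-selection behaviour described above, next to a selection that honors `use`, as an added example that is not OpenSAML, XMLTooling or Shibboleth code. The function names and the sample metadata are constructed for illustration; the certificate bodies are placeholders. In SAML 2.0 metadata an absent `use` attribute means the key serves both purposes.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"
PURPOSES = {"signing", "encryption"}

# Constructed, trusted inline metadata. For untrusted metadata, verify its
# signature and parse with a hardened XML parser before selecting keys.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.org">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>SIGN-ONLY</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>ENC-ONLY</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:KeyDescriptor><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>DUAL-USE</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def _certs(key_descriptor):
    """Collect the certificate strings inside one KeyDescriptor."""
    return [c.text.strip() for c in key_descriptor.iter(DS + "X509Certificate") if c.text]


def keys_ignoring_use(metadata_xml):
    """Behaviour the advisory describes: every key is offered for any purpose."""
    root = ET.fromstring(metadata_xml)
    return [c for kd in root.iter(MD + "KeyDescriptor") for c in _certs(kd)]


def keys_for_purpose(metadata_xml, purpose):
    """Return only keys whose use matches; an absent use means both purposes."""
    if purpose not in PURPOSES:
        raise ValueError(f"unknown purpose: {purpose!r}")
    selected = []
    for kd in ET.fromstring(metadata_xml).iter(MD + "KeyDescriptor"):
        use = kd.get("use")
        if use is not None and use not in PURPOSES:
            # Fail closed on a value outside the schema's enumeration.
            raise ValueError(f"invalid KeyDescriptor use: {use!r}")
        if use is None or use == purpose:
            selected.extend(_certs(kd))
    return selected
```
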

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 8.10 | noarch | opensaml | < 1.1.1-2+lenny1build0.8.10.2 | UNKNOWN |
ubuntu | 9.04 | noarch | opensaml | < 1.1.1-2+lenny1build0.9.04.2 | UNKNOWN |
ubuntu | 9.04 | noarch | shibboleth-sp | < 1.3.1.dfsg1-3+lenny1build0.9.04.2 | UNKNOWN |
ubuntu | 8.10 | noarch | xmltooling | < 1.0-2+lenny1build0.8.10.1 | UNKNOWN |
ubuntu | 9.04 | noarch | xmltooling | < 1.0-2+lenny1build0.9.04.1 | UNKNOWN |