CVE-2011-2516

{"id": "CVE-2011-2516", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-07-11T20:55:01.380", "references": [{"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063159.html", "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063229.html", "source": "secalert@redhat.com"}, {"url": "http://santuario.apache.org/secadv/CVE-2011-2516.txt", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/45151", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/45191", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/45198", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/45491", "source": "secalert@redhat.com"}, {"url": "http://shibboleth.internet2.edu/secadv/secadv_20110706.txt", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2011/dsa-2277", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/archive/1/518756/100/0/threaded", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/48611", "source": "secalert@redhat.com"}, {"url": "http://www.securitytracker.com/id?1025755", "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68420", "source": "secalert@redhat.com"}, {"url": "https://issues.apache.org/jira/browse/SANTUARIO-271", "tags": ["Exploit"], "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-189"}]}], "descriptions": [{"lang": "en", "value": "Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow."}, {"lang": "es", "value": "Error de superaci\u00f3n de l\u00edmite (off-by-one) en la caracter\u00edstica de firma XML en Apache XML Security para C++ v1.6.0,usado en Shibboleth anterior a v2.4.3 y posiblemente otros productos, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de una firma utilizando una clave RSA larga, que provoca un desbordamiento de b\u00fafer."}], "lastModified": "2023-02-13T01:19:57.030", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:xml_security_for_c\\+\\+:1.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D0DC1ED-A147-44FA-9A4D-364B98921C35"}, {"criteria": "cpe:2.3:a:shibboleth:shibboleth-sp:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8EE01141-059F-404B-87BC-B4D88E2BF547", "versionEndIncluding": "2.4.2"}, {"criteria": "cpe:2.3:a:shibboleth:shibboleth-sp:1.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5043D47F-AF0F-4DFD-854F-6D135EC62BBB"}, {"criteria": "cpe:2.3:a:shibboleth:shibboleth-sp:1.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C25906CE-5945-417F-975C-60D54544603E"}, {"criteria": "cpe:2.3:a:shibboleth:shibboleth-sp:1.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3BF8C04-9F3E-4CF4-B52A-FBDEE44D7859"}, {"criteria": "cpe:2.3:a:shibboleth:shibboleth-sp:1.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC5A13CD-7608-4C29-8EF8-88C37E895D4C"}, {"criteria": "cpe:2.3:a:shibboleth:shibboleth-sp:1.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24024881-F6D9-41FD-86C4-7F76975A42DC"}, {"criteria": "cpe:2.3:a:shibboleth:shibboleth-sp:1.3f:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B29C5BE-1AB0-4D60-B486-52E3AE336717"}, {"criteria": "cpe:2.3:a:shibboleth:shibboleth-sp:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BA0FD6B-C0D0-4789-9B15-AD8D12F52B6D"}, {"criteria": "cpe:2.3:a:shibboleth:shibboleth-sp:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39F2B89D-387F-4834-8039-4E55338FC5D1"}, {"criteria": "cpe:2.3:a:shibboleth:shibboleth-sp:2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70753E30-5E8B-4882-BA4F-6448F29ED790"}, {"criteria": "cpe:2.3:a:shibboleth:shibboleth-sp:2.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5C0B7D3-6ACD-4D65-8707-54B77065A577"}, {"criteria": "cpe:2.3:a:shibboleth:shibboleth-sp:2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47310E84-9F85-4914-B831-A9CC2605330F"}, {"criteria": "cpe:2.3:a:shibboleth:shibboleth-sp:2.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "978A7038-2308-46CE-B640-73FDA477F185"}, {"criteria": "cpe:2.3:a:shibboleth:shibboleth-sp:2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A31CFC1-DA8F-4022-97DB-985EB98ED1D4"}, {"criteria": "cpe:2.3:a:shibboleth:shibboleth-sp:2.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC2315E9-D1DA-4C63-B710-445FAAC31EEE"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}