admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2017/CVE-2017-114xx/CVE-2017-11428.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

145 lines
4.3 KiB
JSON
Raw Blame History

{
"id": "CVE-2017-11428",
"sourceIdentifier": "security@duo.com",
"published": "2019-04-17T14:29:00.323",
"lastModified": "2019-10-09T23:22:05.853",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers."
},
{
"lang": "es",
"value": "OneLogin Ruby-SAML versi\u00f3n 1.6.0 y versiones anteriores pueden utilizar incorrectamente los resultados de las API de migraci\u00f3n y canonicalizaci\u00f3n de DOM de XML de tal manera que un atacante pueda manipular los datos SAML sin invalidar la firma criptogr\u00e1fica, lo que permite que el ataque omita la autorizaci\u00f3n de los proveedores de servicio SAML."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security@duo.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
},
{
"source": "security@duo.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:onelogin:ruby-saml:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.6.0",
"matchCriteriaId": "A91764B6-BE43-4720-B876-620FE48D3C71"
}
]
}
]
}
],
"references": [
{
"url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations",
"source": "security@duo.com",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
},
{
"url": "https://www.kb.cert.org/vuls/id/475445",
"source": "security@duo.com",
"tags": [
"US Government Resource",
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink