CVE-2009-3476
Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed encoded URL.
| Software | From | Fixed in |
|---|---|---|
| internet2 / shibboleth-sp | 1.3.1 | 1.3.1.x |
| internet2 / shibboleth-sp | 1.3.2 | 1.3.2.x |
| internet2 / shibboleth-sp | 1.3.3 | 1.3.3.x |
| internet2 / shibboleth-sp | 1.3f | 1.3f.x |
| internet2 / opensaml | 1.1 | 1.1.x |
| internet2 / opensaml | 1.1.1 | 1.1.1.x |
| internet2 / xmltooling | 1.0.1 | 1.0.1.x |
| internet2 / xmltooling | 1.1.0 | 1.1.0.x |
| internet2 / xmltooling | 1.1.1 | 1.1.1.x |
| internet2 / xmltooling | 1.2.0 | 1.2.0.x |
| internet2 / xmltooling | 1.2.1 | 1.2.1.x |
| internet2 / shibboleth-sp | 2.0 | 2.0.x |
| internet2 / shibboleth-sp | 2.1 | 2.1.x |
| internet2 / shibboleth-sp | 2.2 | 2.2.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime