Main Vulnerability Database Vulnerabilities #VU35114

Input validation error in Debian Linux - CVE-2011-4625

Published: November 6, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU35114

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2011-4625

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Debian

Affected software:
Debian Linux

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages.

How to mitigate CVE-2011-4625

Install update from vendor's website.

Sources

https://security-tracker.debian.org/tracker/CVE-2011-4625
https://www.mageni.net/1.3.6.1.4.1.25623.1.0.70545

Input validation error in Debian Linux - CVE-2011-4625

Detailed vulnerability description

How to mitigate CVE-2011-4625

Sources

Please verify you're human