CVE-2009-3476 Information

Description

Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4 and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed encoded URL.

Reference

http://secunia.com/advisories/36869 http://secunia.com/advisories/36870 http://shibboleth.internet2.edu/secadv/secadv_20090826.txt http://www.securityfocus.com/bid/36514 https://exchange.xforce.ibmcloud.com/vulnerabilities/53471 opensaml-xmltooling-url-bo(53471)