CVE-2011-1411 Information

Description

Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1 and IdP before 2.3.2 allows remote attackers to forge messages and bypass authentication via an \XML Signature wrapping attack.\

Reference

http://secunia.com/advisories/50994 http://shibboleth.internet2.edu/secadv/secadv_20110725.txt http://www.debian.org/security/2011/dsa-2284 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html