
List:       shibboleth-dev
Subject:    Re: XML External Entity (XXE) vulnerability
From:       "Cantor, Scott" <cantor.2 () osu ! edu>
Date:       2015-02-24 0:01:21
Message-ID: DEAC0137-4FD8-42A2-AFE7-E69DA8ABFEBE () osu ! edu

On 2/23/15, 11:14 PM, "Tom Scavo" <trscavo@gmail.com> wrote:



>On Mon, Feb 23, 2015 at 6:04 PM, Daniel Fisher <dfisher@vt.edu> wrote:
>> On Mon, Feb 23, 2015 at 5:24 PM, Tom Scavo <trscavo@gmail.com> wrote:
>>>
>>> Not sure if I should send this under the radar but here's a blog post
>>> that claims there's a vulnerability in some OpenSAML code on the wiki:
>>>
>>> http://blog.sendsafely.com/post/69590974866/web-based-single-sign-on-and-the-dangers-of-saml
>>
>> I believe this hit the users list some time ago.
>>
>> http://shibboleth.1660669.n2.nabble.com/web-based-single-sign-on-and-the-dangers-of-saml-xml-td7592366.html
>
>Thanks Daniel. I didn't realize this is over a year old.

There's also an advisory for it.

http://shibboleth.net/community/advisories/secadv_20131213.txt


-- Scott

-- 
To unsubscribe from this list send an email to dev-unsubscribe@shibboleth.net