Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Informations | |||
|---|---|---|---|
| Name | CVE-2011-2516 | First vendor Publication | 2011-07-11 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 5 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2516 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:12479 | |||
| Oval ID: | oval:org.mitre.oval:def:12479 | ||
| Title: | DSA-2277-1 xml-security-c -- stack-based buffer overflow | ||
| Description: | It has been discovered that xml-security-c, an implementation of the XML Digital Signature and Encryption specifications, is not properly handling RSA keys of sizes on the order of 8192 or more bits. This allows an attacker to crash applications using this functionality or potentially execute arbitrary code by tricking an application into verifying a signature created with a sufficiently long RSA key. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2277-1 CVE-2011-2516 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | xml-security-c |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2011-08-03 | Name : Debian Security Advisory DSA 2277-1 (xml-security-c) File : nvt/deb_2277_1.nasl |
| 2011-08-02 | Name : Fedora Update for xml-security-c FEDORA-2011-9494 File : nvt/gb_fedora_2011_9494_xml-security-c_fc15.nasl |
| 2011-08-02 | Name : Fedora Update for xml-security-c FEDORA-2011-9501 File : nvt/gb_fedora_2011_9501_xml-security-c_fc14.nasl |
| 2011-07-15 | Name : Shibboleth XML Security Signature Key Parsing Denial of Service Vulnerability... File : nvt/gb_shibboleth_xml_dos_vuln_win.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 73644 | Apache XML Security Signature Key Parsing Overflow DoS |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2011-08-01 | Name : The remote Fedora host is missing a security update. File : fedora_2011-9494.nasl - Type : ACT_GATHER_INFO |
| 2011-08-01 | Name : The remote Fedora host is missing a security update. File : fedora_2011-9501.nasl - Type : ACT_GATHER_INFO |
| 2011-07-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2277.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:04:44 |
|
| 2024-11-28 12:26:08 |
|
| 2023-02-13 09:28:56 |
|
| 2021-09-17 17:23:18 |
|
| 2021-05-04 12:14:43 |
|
| 2021-04-22 01:16:02 |
|
| 2020-05-23 01:44:49 |
|
| 2020-05-23 00:28:56 |
|
| 2019-08-27 12:04:10 |
|
| 2018-10-10 00:19:44 |
|
| 2017-08-29 09:23:17 |
|
| 2016-04-26 20:51:49 |
|
| 2014-02-17 11:03:20 |
|
| 2013-05-10 23:03:10 |
|
