Secunia
Login
|
|
CVE Reference: CVE-2011-4314 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2011-4314 |
|
|
Description: message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack. |
|
|
CVE Status: Candidate |
|
|
References: ST 1026400 SAID Secunia Advisory: SA44496 Secunia Advisory: SA48697 Secunia Advisory: SA48954 REDHAT http://rhn.redhat.com/errata/RHSA-2012-0519.html http://www.redhat.com/support/errata/RHSA-2011-1804.html http://rhn.redhat.com/errata/RHSA-2012-0441.html MLIST http://www.openwall.com/lists/oss-security/2011/11/17/1 http://www.openwall.com/lists/oss-security/2011/11/16/1 CONFIRM http://openid.net/2011/05/05/attribute-exchange-security-alert/ |
|
| Return to the previous page. |
