Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and 2.x before 2.2.1, when using PKIX trust validation, does not properly handle a '\0' character in the subject or subjectAltName fields of a certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
internet2 shibboleth-sp 加密问题漏洞
Vulnerability Description
Internet2 Shibboleth Service Provider software 1.3.3版本之前的1.3.x版本以及2.2.1版本之前的2.x版本,当在运行PKIX委托验证程序时,没有试点各地处理证书subject或subjectAltName字段的一个'\0'字符,这会允许远程中间人攻击者借助一个特制的由合法的证书认证机构颁发的证书来骗取任意SSL。
CVSS Information
N/A
Vulnerability Type
N/A