Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4.1 and OpenSAML Java 2.6.2 do not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Shibboleth 安全漏洞
Vulnerability Description
Shibboleth是英国Shibboleth公司的一套基于Windows平台的开源的SAML协议的Web单点登录系统。Identity Provider(IdP)是其中的一个用户信息提供程序。OpenSAML Java(OpenSAML-J)是其中的一个使用Java语言编写的开源且用于实现SAML(Security Assertion Markup Language,安全断言标记语言)的库。 Shibboleth IdP 2.4.1之前版本和OpenSAML Java 2.6.2版本中存在安全漏洞,该漏
CVSS Information
N/A
Vulnerability Type
N/A