JBoss OpenID4Java Signature Validation Flaw Lets Remote Users Modify Data
SecurityTracker Alert ID: 1026400
SecurityTracker URL: http://securitytracker.com/id/1026400
CVE Reference: CVE-2011-4314
Updated: Dec 9 2011
Original Entry Date: Dec 9 2011
Impact: Modification of user information
Fix Available: Yes
Vendor Confirmed: Yes

Description:
A vulnerability was reported in JBoss. A remote user can modify data in certain cases.
The Attribute Exchange (AX) extension of OpenID4Java does not validate that received information is digitally signed. A remote user with the ability to conduct a man-in-the-middle attack can modify request data.
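The check the description says was missing can be expressed at the protocol level. The following is an added example, not OpenID4Java or JBoss code and not using the OpenID4Java API: a relying-party check that every AX field in an OpenID 2.0 response is listed in openid.signed. The class name, method name and sample response are constructed for illustration, and the code assumes the signature over the listed fields has already been verified.

```java
import java.util.*;

// Added illustration: flags Attribute Exchange (AX) fields in an OpenID 2.0
// response that are not covered by the openid.signed field list.
public class AxSignedCheck {
    static final String AX_NS = "http://openid.net/srv/ax/1.0";

    // Returns the AX-related keys that are present but not listed in openid.signed.
    static SortedSet<String> unsignedAxFields(Map<String, String> params) {
        // openid.signed lists field names without the "openid." prefix.
        Set<String> signed = new HashSet<>();
        for (String f : params.getOrDefault("openid.signed", "").split(",")) {
            if (!f.trim().isEmpty()) signed.add("openid." + f.trim());
        }
        SortedSet<String> unsigned = new TreeSet<>();
        List<String> prefixes = new ArrayList<>();
        // Every alias bound to the AX namespace counts, including injected ones.
        for (Map.Entry<String, String> e : params.entrySet()) {
            String key = e.getKey();
            if (key.startsWith("openid.ns.") && AX_NS.equals(e.getValue())) {
                prefixes.add("openid." + key.substring("openid.ns.".length()) + ".");
                if (!signed.contains(key)) unsigned.add(key);
            }
        }
        for (String key : params.keySet()) {
            for (String prefix : prefixes) {
                if (key.startsWith(prefix) && !signed.contains(key)) unsigned.add(key);
            }
        }
        return unsigned;
    }

    public static void main(String[] args) {
        // Constructed sample response: the e-mail value is absent from openid.signed.
        Map<String, String> resp = new HashMap<>();
        resp.put("openid.mode", "id_res");
        resp.put("openid.ns.ax", AX_NS);
        resp.put("openid.ax.mode", "fetch_response");
        resp.put("openid.ax.type.email", "http://axschema.org/contact/email");
        resp.put("openid.ax.value.email", "user@example.org");
        resp.put("openid.signed", "op_endpoint,claimed_id,identity,return_to,"
                + "response_nonce,assoc_handle,ns.ax,ax.mode,ax.type.email");
        SortedSet<String> bad = unsignedAxFields(resp);
        System.out.println(bad.isEmpty() ? "AX data covered by signature"
                                         : "Discard AX data, unsigned fields: " + bad);
    }
}
```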

Impact:
A remote user with the ability to conduct a man-in-the-middle attack can modify request data.

Solution:
The vendor has issued a fix.
The vendor advisories are available at:
https://rhn.redhat.com/errata/RHSA-2011-1798.html
https://rhn.redhat.com/errata/RHSA-2011-1799.html
https://rhn.redhat.com/errata/RHSA-2011-1800.html
https://rhn.redhat.com/errata/RHSA-2011-1802.html
https://rhn.redhat.com/errata/RHSA-2011-1803.html
https://rhn.redhat.com/errata/RHSA-2011-1804.html
https://rhn.redhat.com/errata/RHSA-2011-1805.html
https://rhn.redhat.com/errata/RHSA-2011-1806.html

Vendor URL: rhn.redhat.com/errata/RHSA-2011-1798.html
Cause: Authentication error
Underlying OS: Linux (Red Hat Enterprise)

Message History: None.

Source Message Contents
Date: Fri, 09 Dec 2011 04:40:49 +0000
Subject: JBoss

CVE-2011-4314
https://rhn.redhat.com/errata/RHSA-2011-1798.html
https://rhn.redhat.com/errata/RHSA-2011-1800.html
https://rhn.redhat.com/errata/RHSA-2011-1802.html
https://rhn.redhat.com/errata/RHSA-2011-1803.html
https://rhn.redhat.com/errata/RHSA-2011-1804.html
https://rhn.redhat.com/errata/RHSA-2011-1805.html
https://rhn.redhat.com/errata/RHSA-2011-1806.html