CVE-2011-2516 in Shibboleth and Apache Products
Published on July 11, 2011

Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.

Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2011-2516

stack.watch emails you whenever new vulnerabilities are published in Shibboleth Sp or Apache Xml Security For C. Just hit a watch button to start following.

Shibboleth Sp

Apache Xml Security For C

Exploit Probability

EPSS

7.30%

Percentile

91.52%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2011-2516 in Shibboleth and Apache ProductsPublished on July 11, 2011

Products Associated with CVE-2011-2516

Exploit Probability

CVE-2011-2516 in Shibboleth and Apache Products
Published on July 11, 2011