CVE-2009-3474

NONECVSS 0.0

0.0

OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just one purpose, potentially weakening the intended security application of the certificate.

🔗 References (18)

cve@mitrehttp://secunia.com/advisories/36855
cve@mitrehttp://secunia.com/advisories/36868
cve@mitrehttp://secunia.com/advisories/36876
cve@mitrehttp://shibboleth.internet2.edu/secadv/secadv_20090817a.txt
cve@mitrehttp://www.debian.org/security/2009/dsa-1895
cve@mitrehttp://www.debian.org/security/2009/dsa-1896
cve@mitrehttp://www.securityfocus.com/bid/36516
cve@mitrehttps://bugs.internet2.edu/jira/browse/CPPOST-28
cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/53474
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/36855
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/36868
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/36876
af854a3a-2127-422b-91ae-364da2661108http://shibboleth.internet2.edu/secadv/secadv_20090817a.txt
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2009/dsa-1895
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2009/dsa-1896

Is Your Infrastructure Affected by CVE-2009-3474?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2009-3474

📅 Published

🔄 Last Modified

🔗 References (18)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2009-3474?