PT-2011-3777 · Apache · Apache Rampart/C

Jorg Schwenk +3 · Published 2011-06-02 · Updated 2017-08-29 · CVE-2011-2329

CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Apache Rampart/C version 1.3.0

Description

The issue is related to the improper calculation of the expiration of timestamp tokens by the rampart_timestamp_token_validate function. This allows remote attackers to bypass intended access restrictions by using an expired token.

Recommendations

For Apache Rampart/C version 1.3.0, consider disabling the rampart_timestamp_token_validate function until a patch is available to properly calculate the expiration of timestamp tokens.

Fix

Weakness Enumeration

Related Identifiers

CVE-2011-2329

Affected Products

Apache Rampart/C