PT-2017-8747 · Ruby+2 · Ruby-Saml+2

Alvaro Hoyos · Published 2017-01-23 · Updated 2025-02-28 · CVE-2016-5697

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: ruby-saml versions prior to 1.3.0
Description: The issue allows attackers to perform XML signature wrapping attacks. It occurs in a specific scenario where a single signature references two elements at the same time, one of which is located inside an encrypted assertion, so the signed content bypasses the scheme validator process.
Recommendations: For ruby-saml versions prior to 1.3.0, update to version 1.3.0, which implements extra validations to mitigate this kind of attack.
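The following is an added illustrative pre-check, not ruby-saml's own code and not the validation that version 1.3.0 introduced. It uses Ruby's bundled REXML parser and constructed sample responses to show the two conditions the description above hinges on: a signature reference whose ID resolves to more than one element, and a referenced element that sits inside a saml:EncryptedAssertion. The function names, verdict symbols and sample documents are all assumptions made for this example.

```ruby
require 'rexml/document'
require 'rexml/xpath'

DS_NS   = 'http://www.w3.org/2000/09/xmldsig#'
SAML_NS = 'urn:oasis:names:tc:SAML:2.0:assertion'

# IDs named by each ds:Reference (URI="#id"); nil for any non-fragment URI.
def reference_ids(doc)
  REXML::XPath.match(doc, '//ds:Reference', 'ds' => DS_NS).map do |ref|
    uri = ref.attributes['URI'].to_s
    uri.start_with?('#') ? uri[1..] : nil
  end
end

# Every element anywhere in the document whose ID attribute equals +id+.
# The comparison is done in Ruby rather than interpolating +id+ into XPath.
def elements_with_id(doc, id)
  REXML::XPath.match(doc, '//*').select { |el| el.attributes['ID'] == id }
end

# True if any ancestor of +el+ is a saml:EncryptedAssertion.
def inside_encrypted_assertion?(el)
  node = el.parent
  while node && node.node_type == :element
    return true if node.name == 'EncryptedAssertion' && node.namespace == SAML_NS
    node = node.parent
  end
  false
end

# Illustrative check (assumption: not ruby-saml's implementation). Returns :ok
# only when exactly one signature reference resolves to exactly one Response or
# Assertion element that is not nested inside an EncryptedAssertion.
def check_signature_scope(xml)
  doc = REXML::Document.new(xml)
  ids = reference_ids(doc)
  return :no_reference          if ids.empty?
  return :multiple_references   if ids.size > 1
  id = ids.first
  return :unsupported_reference if id.nil? || id.empty?
  matches = elements_with_id(doc, id)
  return :unresolved_reference  if matches.empty?
  return :ambiguous_reference   if matches.size > 1 # same ID on two elements
  el = matches.first
  return :inside_encrypted_assertion if inside_encrypted_assertion?(el)
  return :wrong_signed_element unless %w[Response Assertion].include?(el.name)
  :ok
end

# Constructed sample: the signature covers the Response, IDs are unique.
GOOD_RESPONSE = <<~XML
  <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_resp1">
    <ds:Signature><ds:SignedInfo><ds:Reference URI="#_resp1"/></ds:SignedInfo></ds:Signature>
    <saml:Assertion ID="_a1"><saml:Subject/></saml:Assertion>
  </samlp:Response>
XML

# Constructed sample of the wrapping shape in the description: the referenced
# ID names two elements at once, one of them inside an EncryptedAssertion.
WRAPPED_RESPONSE = <<~XML
  <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_resp1">
    <ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo></ds:Signature>
    <saml:Assertion ID="_a1"><saml:Subject/></saml:Assertion>
    <saml:EncryptedAssertion>
      <saml:Assertion ID="_a1"><saml:Subject/></saml:Assertion>
    </saml:EncryptedAssertion>
  </samlp:Response>
XML

# Constructed sample: the only element carrying the referenced ID is nested
# inside an EncryptedAssertion, so the signature scope is still rejected.
NESTED_ONLY_RESPONSE = <<~XML
  <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_resp1">
    <ds:Signature><ds:SignedInfo><ds:Reference URI="#_a2"/></ds:SignedInfo></ds:Signature>
    <saml:EncryptedAssertion>
      <saml:Assertion ID="_a2"><saml:Subject/></saml:Assertion>
    </saml:EncryptedAssertion>
  </samlp:Response>
XML

if __FILE__ == $PROGRAM_NAME
  puts "good:    #{check_signature_scope(GOOD_RESPONSE)}"        # good:    ok
  puts "wrapped: #{check_signature_scope(WRAPPED_RESPONSE)}"     # wrapped: ambiguous_reference
  puts "nested:  #{check_signature_scope(NESTED_ONLY_RESPONSE)}" # nested:  inside_encrypted_assertion
end
```

The check deliberately runs before any cryptographic verification: it answers only "which element does this signature actually cover, and is there exactly one such element?", which is the question a schema-only validator leaves open in the scenario above. Matching IDs in Ruby instead of building an XPath string from the attacker-controlled URI avoids turning the reference itself into an injection point.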

Exploit

Fix

Weakness Enumeration

Related Identifiers

CVE-2016-5697
GHSA-36P7-XJW8-H6F2
USN-7309-1

Affected Products

Linuxmint
Ubuntu
Ruby-Saml