NuytsTech Security

CVE-2015-0851

by ·

XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider (SP), does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service (crash) via schema-invalid XML data.

Date published : 2015-08-12

http://www.securityfocus.com/bid/76134

http://shibboleth.net/community/advisories/secadv_20150721.txt

Tags: