{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-05-19T00:00:00", "descriptions": [{"lang": "en", "value": "Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-09-17T10:06:29", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "DSA-2277", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2011/dsa-2277"}, {"name": "45491", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/45491"}, {"name": "45151", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/45151"}, {"name": "20110707 Security Advisory: CVE-2011-2516", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/518756/100/0/threaded"}, {"name": "apache-xml-dos(68420)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68420"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.apache.org/jira/browse/SANTUARIO-271"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://santuario.apache.org/secadv/CVE-2011-2516.txt"}, {"name": "FEDORA-2011-9501", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063159.html"}, {"name": "45198", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/45198"}, {"name": "45191", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/45191"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://shibboleth.internet2.edu/secadv/secadv_20110706.txt"}, {"name": "1025755", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1025755"}, {"name": "FEDORA-2011-9494", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063229.html"}, {"name": "48611", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/48611"}, {"name": "[santuario-commits] 20190823 svn commit: r1049214 - in /websites/production/santuario/content: cache/main.pageCache download.html index.html javaindex.html javareleasenotes.html secadv.data/CVE-2019-12400.asc secadv.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E"}, {"name": "[santuario-commits] 20210917 svn commit: r1076843 - in /websites/production/santuario/content: cache/main.pageCache index.html javaindex.html secadv.data/CVE-2021-40690.txt.asc secadv.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T23:00:34.179Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-2277", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2011/dsa-2277"}, {"name": "45491", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/45491"}, {"name": "45151", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/45151"}, {"name": "20110707 Security Advisory: CVE-2011-2516", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/518756/100/0/threaded"}, {"name": "apache-xml-dos(68420)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68420"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://issues.apache.org/jira/browse/SANTUARIO-271"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://santuario.apache.org/secadv/CVE-2011-2516.txt"}, {"name": "FEDORA-2011-9501", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063159.html"}, {"name": "45198", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/45198"}, {"name": "45191", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/45191"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://shibboleth.internet2.edu/secadv/secadv_20110706.txt"}, {"name": "1025755", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1025755"}, {"name": "FEDORA-2011-9494", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063229.html"}, {"name": "48611", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/48611"}, {"name": "[santuario-commits] 20190823 svn commit: r1049214 - in /websites/production/santuario/content: cache/main.pageCache download.html index.html javaindex.html javareleasenotes.html secadv.data/CVE-2019-12400.asc secadv.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E"}, {"name": "[santuario-commits] 20210917 svn commit: r1076843 - in /websites/production/santuario/content: cache/main.pageCache index.html javaindex.html secadv.data/CVE-2021-40690.txt.asc secadv.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-2516", "datePublished": "2011-07-11T20:00:00", "dateReserved": "2011-06-15T00:00:00", "dateUpdated": "2024-08-06T23:00:34.179Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:xml_security_for_c\\+\\+:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "7D0DC1ED-A147-44FA-9A4D-364B98921C35", "vulnerable": true}, {"criteria": "cpe:2.3:a:shibboleth:shibboleth-sp:*:*:*:*:*:*:*:*", "matchCriteriaId": "8EE01141-059F-404B-87BC-B4D88E2BF547", "versionEndIncluding": "2.4.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:shibboleth:shibboleth-sp:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "5043D47F-AF0F-4DFD-854F-6D135EC62BBB", "vulnerable": true}, {"criteria": "cpe:2.3:a:shibboleth:shibboleth-sp:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "C25906CE-5945-417F-975C-60D54544603E", "vulnerable": true}, {"criteria": "cpe:2.3:a:shibboleth:shibboleth-sp:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "B3BF8C04-9F3E-4CF4-B52A-FBDEE44D7859", "vulnerable": true}, {"criteria": "cpe:2.3:a:shibboleth:shibboleth-sp:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "BC5A13CD-7608-4C29-8EF8-88C37E895D4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:shibboleth:shibboleth-sp:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "24024881-F6D9-41FD-86C4-7F76975A42DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:shibboleth:shibboleth-sp:1.3f:*:*:*:*:*:*:*", "matchCriteriaId": "7B29C5BE-1AB0-4D60-B486-52E3AE336717", "vulnerable": true}, {"criteria": "cpe:2.3:a:shibboleth:shibboleth-sp:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BA0FD6B-C0D0-4789-9B15-AD8D12F52B6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:shibboleth:shibboleth-sp:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "39F2B89D-387F-4834-8039-4E55338FC5D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:shibboleth:shibboleth-sp:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "70753E30-5E8B-4882-BA4F-6448F29ED790", "vulnerable": true}, {"criteria": "cpe:2.3:a:shibboleth:shibboleth-sp:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "C5C0B7D3-6ACD-4D65-8707-54B77065A577", "vulnerable": true}, {"criteria": "cpe:2.3:a:shibboleth:shibboleth-sp:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "47310E84-9F85-4914-B831-A9CC2605330F", "vulnerable": true}, {"criteria": "cpe:2.3:a:shibboleth:shibboleth-sp:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "978A7038-2308-46CE-B640-73FDA477F185", "vulnerable": true}, {"criteria": "cpe:2.3:a:shibboleth:shibboleth-sp:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "0A31CFC1-DA8F-4022-97DB-985EB98ED1D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:shibboleth:shibboleth-sp:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "DC2315E9-D1DA-4C63-B710-445FAAC31EEE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow."}, {"lang": "es", "value": "Error de superaci\u00f3n de l\u00edmite (off-by-one) en la caracter\u00edstica de firma XML en Apache XML Security para C++ v1.6.0,usado en Shibboleth anterior a v2.4.3 y posiblemente otros productos, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de una firma utilizando una clave RSA larga, que provoca un desbordamiento de b\u00fafer."}], "id": "CVE-2011-2516", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-07-11T20:55:01.380", "references": [{"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063159.html"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063229.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://santuario.apache.org/secadv/CVE-2011-2516.txt"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/45151"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/45191"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/45198"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/45491"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://shibboleth.internet2.edu/secadv/secadv_20110706.txt"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2011/dsa-2277"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/518756/100/0/threaded"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/48611"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1025755"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68420"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "https://issues.apache.org/jira/browse/SANTUARIO-271"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063159.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063229.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://santuario.apache.org/secadv/CVE-2011-2516.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/45151"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/45191"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/45198"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/45491"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://shibboleth.internet2.edu/secadv/secadv_20110706.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2277"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/518756/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/48611"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1025755"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68420"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://issues.apache.org/jira/browse/SANTUARIO-271"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}