
    2 vulnerabilities found for kay_framework by kay_framework_project

    CVE-2011-4314 (GCVE-0-2011-4314)

    Vulnerability from nvd – Published: 2012-01-27 15:00 – Updated: 2024-08-07 00:01
    Summary
    message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL | Tags
    http://www.redhat.com/support/errata/RHSA-2011-18… | vendor-advisory, x_refsource_REDHAT
    http://secunia.com/advisories/44496 | third-party-advisory, x_refsource_SECUNIA
    http://openid.net/2011/05/05/attribute-exchange-s… | x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2012-0519.html | vendor-advisory, x_refsource_REDHAT
    http://secunia.com/advisories/48954 | third-party-advisory, x_refsource_SECUNIA
    http://rhn.redhat.com/errata/RHSA-2012-0441.html | vendor-advisory, x_refsource_REDHAT
    http://www.openwall.com/lists/oss-security/2011/11/16/1 | mailing-list, x_refsource_MLIST
    https://issues.jboss.org/browse/SOA-3597 | x_refsource_CONFIRM
    https://issues.jboss.org/browse/JBEPP-1368 | x_refsource_CONFIRM
    http://securitytracker.com/id?1026400 | vdb-entry, x_refsource_SECTRACK
    http://www.openwall.com/lists/oss-security/2011/11/17/1 | mailing-list, x_refsource_MLIST
    http://secunia.com/advisories/48697 | third-party-advisory, x_refsource_SECUNIA
    Date Public
    2011-11-16 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:01:51.595Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2011:1804",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2011-1804.html"
              },
              {
                "name": "44496",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44496"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://openid.net/2011/05/05/attribute-exchange-security-alert/"
              },
              {
                "name": "RHSA-2012:0519",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2012-0519.html"
              },
              {
                "name": "48954",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48954"
              },
              {
                "name": "RHSA-2012:0441",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2012-0441.html"
              },
              {
                "name": "[oss-security] 20111116 CVE Request: openid4java not properly verifying the signature of Attribute Exchange (AX) information",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/11/16/1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.jboss.org/browse/SOA-3597"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.jboss.org/browse/JBEPP-1368"
              },
              {
                "name": "1026400",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1026400"
              },
              {
                "name": "[oss-security] 20111116 Re: CVE Request: openid4java not properly verifying the signature of Attribute Exchange (AX) information",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/11/17/1"
              },
              {
                "name": "48697",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48697"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-11-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-11-27T10:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2011:1804",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-1804.html"
            },
            {
              "name": "44496",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44496"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://openid.net/2011/05/05/attribute-exchange-security-alert/"
            },
            {
              "name": "RHSA-2012:0519",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0519.html"
            },
            {
              "name": "48954",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48954"
            },
            {
              "name": "RHSA-2012:0441",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0441.html"
            },
            {
              "name": "[oss-security] 20111116 CVE Request: openid4java not properly verifying the signature of Attribute Exchange (AX) information",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/11/16/1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.jboss.org/browse/SOA-3597"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.jboss.org/browse/JBEPP-1368"
            },
            {
              "name": "1026400",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1026400"
            },
            {
              "name": "[oss-security] 20111116 Re: CVE Request: openid4java not properly verifying the signature of Attribute Exchange (AX) information",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/11/17/1"
            },
            {
              "name": "48697",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48697"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-4314",
        "datePublished": "2012-01-27T15:00:00.000Z",
        "dateReserved": "2011-11-04T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:01:51.595Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-4314 (GCVE-0-2011-4314)

    Vulnerability from cvelistv5 – Published: 2012-01-27 15:00 – Updated: 2024-08-07 00:01