漏洞类别:Local
漏洞等级: 
漏洞信息
The Ruby SAML library is for implementing the client side of a SAML authorization, i.e. it provides a means for managing authorization initialization and confirmation requests from identity providers.
The ruby-saml gem is vulnerable to an XML signature wrapping attack in the specific scenario where there was a signature that referenced at the same time 2 elements (but past the scheme validator process since 1 of the element was inside the encrypted assertion).
Affected Versions:
ruby-saml prior to 1.3.0
漏洞危害
Successful exploitation allows an attacker to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks.
解决方案
Customers are advised to upgrade to ruby-saml 1.3.0 or later versions to remediate this vulnerability.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论