VDB
CVE-2011-4314
CVE-2011-4314
PUBLISHED
CVSS 5.800000190734863 MEDIUM
OpenID4Java does not verify that Attribute Exchange (AX) information is signed
EPSS 0.63% · 70.5th percentile
Risk Scores
CVSS v2.0
5.800000190734863
EPSS Score
0.63%
70.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| redhat | jboss_enterprise_application_platform | 5.1.0, 5.1.2, 5.1.1 |
| n/a | n/a | n/a |
| openid | openid4java | 0.9.4.339, 0.9.2, 0.9.3 |
| kay_framework_project | kay_framework | 0, 0.1.0, 0.2.0 |
| Maven | org.openid4java:openid4java | 0 |
Timeline
- Jan 27, 2012 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 17, 2022 EPSS Score
- Feb 3, 2023 EPSS Score
- Feb 8, 2023 EPSS Score
- Feb 13, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 1, 2023 EPSS Score
References
- RHSA-2011:1804 vendor-advisory
- 44496 third-party-advisory
- http://openid.net/2011/05/05/attribute-exchange-security-alert/ url
- RHSA-2012:0519 vendor-advisory
- 48954 third-party-advisory
- RHSA-2012:0441 vendor-advisory
- [oss-security] 20111116 CVE Request: openid4java not properly verifying the signature of Attribute Exchange (AX) information mailing-list
- https://issues.jboss.org/browse/SOA-3597 url
- https://issues.jboss.org/browse/JBEPP-1368 url
- 1026400 vdb
- [oss-security] 20111116 Re: CVE Request: openid4java not properly verifying the signature of Attribute Exchange (AX) information mailing-list
- 48697 third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2011-4314 advisory
- https://github.com/jbufu/openid4java package
- https://web.archive.org/web/20201207151157/http://securitytracker.com/id?1026400 url
- http://openid.net/2011/05/05/attribute-exchange-security-alert url