DEBIAN-CVE-2011-4314

DEBIAN-CVE-2011-4314 PUBLISHED CVSS 8.699999809265137 HIGH

message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.

Risk Scores

CVSS v4.0

8.699999809265137

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
Debian:11	openid4java	0, 0, 0
Debian:12	openid4java	0, 0, 0
Debian:14	openid4java	0, 0, 0
Debian:13	openid4java	0, 0, 0

Timeline

Jan 27, 2012 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2011-4314 advisory

Open in Interactive Console →