CVE-2011-4314

message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
VendorProductVersion
kay_framework_projectkay_framework
𝑥
≤ 1.0.1
kay_framework_projectkay_framework
0.0.0
kay_framework_projectkay_framework
0.1.0
kay_framework_projectkay_framework
0.2.0
kay_framework_projectkay_framework
0.3.0
kay_framework_projectkay_framework
0.8.0
kay_framework_projectkay_framework
1.0.0
openidopenid4java
𝑥
≤ 0.9.5.593
openidopenid4java
0.9.2
openidopenid4java
0.9.3
openidopenid4java
0.9.4.339
redhatjboss_enterprise_application_platform
5.1.0
redhatjboss_enterprise_application_platform
5.1.1
redhatjboss_enterprise_application_platform
5.1.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
openid4java
bullseye
1.0.0-1
fixed
sid
1.0.0-2
fixed
trixie
1.0.0-2
fixed
bookworm
1.0.0-2
fixed
Common Weakness Enumeration
References
http://openid.net/2011/05/05/attribute-exchange-security-alert/
http://rhn.redhat.com/errata/RHSA-2012-0441.html
http://rhn.redhat.com/errata/RHSA-2012-0519.html
http://secunia.com/advisories/44496
http://secunia.com/advisories/48697
http://secunia.com/advisories/48954
http://securitytracker.com/id?1026400
http://www.openwall.com/lists/oss-security/2011/11/16/1
http://www.openwall.com/lists/oss-security/2011/11/17/1
http://www.redhat.com/support/errata/RHSA-2011-1804.html
https://issues.jboss.org/browse/JBEPP-1368
https://issues.jboss.org/browse/SOA-3597
http://openid.net/2011/05/05/attribute-exchange-security-alert/
http://rhn.redhat.com/errata/RHSA-2012-0441.html
http://rhn.redhat.com/errata/RHSA-2012-0519.html
http://secunia.com/advisories/44496
http://secunia.com/advisories/48697
http://secunia.com/advisories/48954
http://securitytracker.com/id?1026400
http://www.openwall.com/lists/oss-security/2011/11/16/1
http://www.openwall.com/lists/oss-security/2011/11/17/1
http://www.redhat.com/support/errata/RHSA-2011-1804.html
https://issues.jboss.org/browse/JBEPP-1368
https://issues.jboss.org/browse/SOA-3597