{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-08-22T00:00:00", "descriptions": [{"lang": "en", "value": "Java Open Single Sign-On Project Home (JOSSO) allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a \"Signature exclusion attack.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=865169"}, {"name": "55892", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/55892"}, {"tags": ["x_refsource_MISC"], "url": "http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf"}, {"name": "josso-signature-security-bypass(79241)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79241"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-5352", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Java Open Single Sign-On Project Home (JOSSO) allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a \"Signature exclusion attack.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=865169", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=865169"}, {"name": "55892", "refsource": "BID", "url": "http://www.securityfocus.com/bid/55892"}, {"name": "http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf", "refsource": "MISC", "url": "http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf"}, {"name": "josso-signature-security-bypass(79241)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79241"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:05:47.003Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=865169"}, {"name": "55892", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/55892"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf"}, {"name": "josso-signature-security-bypass(79241)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79241"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-5352", "datePublished": "2012-10-09T23:00:00", "dateReserved": "2012-10-09T00:00:00", "dateUpdated": "2024-08-06T21:05:47.003Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:josso:java_open_single_sign-on_project_home:-:*:*:*:*:*:*:*", "matchCriteriaId": "B84A7524-76AC-4E71-AC20-E3510E80AE31", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Java Open Single Sign-On Project Home (JOSSO) allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a \"Signature exclusion attack.\""}, {"lang": "es", "value": "Java Open Single Sign-On Project Home (JOSSO) permite a atacantes remotos falsificar mensajes y eludir la autenticaci\u00f3n a trav\u00e9s de una aserci\u00f3n SAML que carece de un elemento Signature, tambi\u00e9n conocido como un \"ataque exclusi\u00f3n de firma\"."}], "id": "CVE-2012-5352", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-10-09T23:55:05.407", "references": [{"source": "cve@mitre.org", "url": "http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/55892"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=865169"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79241"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/55892"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=865169"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79241"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "JOSSO: vulnerable to authentication bypass and forged messages due to a Signature exclusion attack", "id": "865169", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=865169"}, "csaw": false, "cvss": {"cvss_base_score": "5.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "status": "draft"}, "details": ["Java Open Single Sign-On Project Home (JOSSO) allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a \"Signature exclusion attack.\""], "name": "CVE-2012-5352", "package_state": [{"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Under investigation", "package_name": "JOSSO", "product_name": "Red Hat JBoss Enterprise Web Server 1"}], "public_date": "2012-08-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2012-5352\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-5352"], "statement": "Not vulnerable. The JOSSO server component which exposes this flaw is not shipped in any Red Hat product. The JOSSO agent shipped with JBoss Enterprise Portal Platform does not expose this flaw.", "threat_severity": "Important"}