Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

SAML Vulnerability Note VU#475445 - Is Spring Secucity SAML2 affected?

Tags:

xml-parsing

spring-security

spring-saml

saml

saml-2.0

https://www.kb.cert.org/vuls/id/475445 has just been disclosed.

Is this impacting Spring Security SAML2?

I can't see the XML parser used on Spring Security SAML2 on the list of affected APIs.

Let us know.

like image 666
Petras Butkevicius Avatar asked Feb 27 '18 22:02

Petras Butkevicius

1 Answers

I am the Spring Security project lead and I have verified that the exploit does not work against Spring Security SAML with the default settings. This was verified by a colleague as well.

If you change the default settings (set ignoreComments = false), your application becomes vulnerable.

Update: See https://spring.io/blog/2018/03/01/spring-security-saml-and-this-week-s-saml-vulnerability

like image 186
Rob Winch Avatar answered Nov 04 '22 04:11

Rob Winch
Sign in to Comment

Related questions

Securing a Spring Data RepositoryRestResource (CrudRepository) over HTTP, but not internally
Spring boot security consider case insensitive username check for login
Spring Keycloak adapter Permissions Policy Enforcer. How to set it up
Use Spring Properties in Java with CrossOrigin Annotation or in Spring-Config XML
Spring Security with Spring Boot: Mix Basic Authentication with JWT token authentication [duplicate]
Encoded Precent(%25) with Spring RequestMapping path param gives HTTP 400
Implementing Hierarchical Roles in Spring Security
SpelEvaluationException: EL1007E:(pos 43): Field or property 'group' cannot be found on null
Spring Security Java Config - custom AuthenticationProvider and UserDetailsService
Different csrf token per request in Spring security
Missing client_id when accessing token with linkedIn
How to extract authentication token in @Controller
SpringBoot - Error parsing HTTP request header (Oauth2 https endpoints)
Spring-Boot @PreAuthorize allow operation only for admin or if the authenticated user id is same as path parameter id
Could someone explain Spring Security BasePermission.Create?
Howto implement Spring Security User/Authorities with Hibernate/JPA2?
how do I set X-Frame-Options response header to allow-from value(s) using spring java config?
Spring FilterChainProxy with filterSecurityInterceptor not working correctly?
How to enable POST, PUT AND DELETE methods in spring security
What is the reason to use requestMatchers().antMatchers() without a verb in spring security?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!