MidnightBSD

Advisories for kay_framework_project

CVE-2011-4314 MEDIUM

message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
kay_framework_project kay_framework 0.0.0
kay_framework_project kay_framework 0.3.0
kay_framework_project kay_framework 1.0.0
kay_framework_project kay_framework 0.1.0
openid openid4java 0.9.4.339
openid openid4java 0.9.3
redhat jboss_enterprise_application_platform 5.1.1
redhat jboss_enterprise_application_platform 5.1.2
kay_framework_project kay_framework *
redhat jboss_enterprise_application_platform 5.1.0
kay_framework_project kay_framework 0.8.0
openid openid4java *
openid openid4java 0.9.2
kay_framework_project kay_framework 0.2.0