CVE-2011-2516

medium

Apache

CVSS v3 Base Score

5.0

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS Score

7.3%

Exploitation probability in 30 days

Top 8% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Confidentiality

None

Integrity

None

Availability

Published: July 11, 2011 (5421 days ago)

Last Modified: April 29, 2026

Vendor: Apache

Source: NVD

Description

Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.

CWE

CWE-189

Affected Products

apache xml security for c\+\+shibboleth shibboleth-sp

References

🔗 lists.fedoraproject.org 🔗 lists.fedoraproject.org 🔗 santuario.apache.org 🔗 secunia.com 🔗 secunia.com

CVE-2011-2516

Vulnerability Report

Description

CWE

Affected Products

References