Package: libapache2-mod-axis2c
Severity: important
Tags: security

Hi,
Researchers have found a flaw in the SAML logic in Axis 2 where signatures are validated when and only when they are included: validation can hence be bypassed by not including a SAML assertion signature at all. This is described in the following paper: http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf and has been assigned CVE-2012-5351.

Cheers,
Thijs
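
The check described in this report, as an added example that is not part of the original message and is not Axis2/C code: a validator that verifies a signature only if one is present, next to one that treats a missing signature as a rejection. `demo_verify`, `DEMO_KEY`, `make_assertion` and the sample assertions are constructed stand-ins, and the HMAC is a placeholder for real XML-DSig verification.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET  # use a hardened XML parser for untrusted input

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
DSIG = "{http://www.w3.org/2000/09/xmldsig#}"
DEMO_KEY = b"constructed-demo-key"  # constructed; stands in for the issuer's key

class AssertionRejected(Exception):
    """Raised when an assertion must not be trusted."""

def demo_verify(assertion, signature):
    """Stand-in verifier (assumption): HMAC over the NameID, not real XML-DSig."""
    name_id = assertion.findtext(f"{SAML}Subject/{SAML}NameID", "")
    expected = hmac.new(DEMO_KEY, name_id.encode(), hashlib.sha256).hexdigest()
    value = signature.findtext(f"{DSIG}SignatureValue", "")
    return hmac.compare_digest(expected.encode(), value.encode())

def accept_if_present(xml_text, verify=demo_verify):
    """Flawed pattern from the report: validate only when a signature is included."""
    assertion = ET.fromstring(xml_text)
    signature = assertion.find(f"{DSIG}Signature")
    if signature is not None and not verify(assertion, signature):
        raise AssertionRejected("signature invalid")
    return assertion.findtext(f"{SAML}Subject/{SAML}NameID")

def accept_signed_only(xml_text, verify=demo_verify):
    """Hardened pattern: a missing signature is a rejection, not a pass."""
    assertion = ET.fromstring(xml_text)
    signatures = assertion.findall(f"{DSIG}Signature")
    if len(signatures) != 1:
        raise AssertionRejected("assertion must carry exactly one signature")
    if not verify(assertion, signatures[0]):
        raise AssertionRejected("signature invalid")
    return assertion.findtext(f"{SAML}Subject/{SAML}NameID")

def make_assertion(name_id, signed):
    """Build a constructed sample assertion, with or without a signature."""
    sig = ""
    if signed:
        mac = hmac.new(DEMO_KEY, name_id.encode(), hashlib.sha256).hexdigest()
        sig = (f'<ds:Signature xmlns:ds="{DSIG[1:-1]}">'
               f"<ds:SignatureValue>{mac}</ds:SignatureValue></ds:Signature>")
    return (f'<saml:Assertion xmlns:saml="{SAML[1:-1]}">{sig}'
            f"<saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>"
            "</saml:Assertion>")
```

A regression test for the fix should include an assertion with no signature element at all, since a suite that only covers valid and tampered signatures passes against both functions.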