The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of OpenSAML Java 2: overload via Gzip Bomb

Synthesis of the vulnerability 

An attacker can overload OpenSAML Java 2 with a Gzip Bomb, in order to trigger a denial of service.
Impacted systems: OpenSAML-J.
Severity of this alert: 2/4.
Creation date: 21/09/2020.
References of this alert: JXT-126, VIGILANCE-VUL-33371.

Description of the vulnerability 

An attacker can overload OpenSAML Java 2 with a Gzip Bomb, in order to trigger a denial of service.

This vulnerability announcement impacts software or systems such as OpenSAML-J.

Our Vigil@nce team determined that the severity of this cybersecurity threat is medium.

The trust level of this bulletin is "confirmed by the editor", and its origin is a document.

An attacker with expert ability can exploit this vulnerability.

Solutions for this threat 

OpenSAML Java 2: workaround for Gzip Bomb.
A workaround is indicated in the information source.
