Dalia Abraham
The Shibboleth Identity Provider supports a number of login flows that rely on servlets or JSP pages to operate, including:
The Shibboleth IdP project has identified that, under certain conditions, a remote, unauthenticated attacker can cause a denial of service through Java heap exhaustion, due to the creation of objects in the Java Servlet container session.
Rapid IdP subscribers
All IdPs hosted by AAF Rapid IdP have already been upgraded and no further action is required.
If your organisation is interested in automated security patches, please contact enquiries@aaf.edu.au regarding Rapid IdP.
Affected Versions
Recommendations
On-Prem IdP Subscribers
View the official security advisory
https://shibboleth.net/community/advisories/secadv_20191002.txt
Thank you to the Shibboleth project, and technical teams at QUT for the research and code patches that underpin this advisory.