AAF logo

Security Alerts - Shibboleth Service Provider Security Advisory [31 August 2020]

Security stuff

Shibboleth Service Provider Security Advisory [31 August 2020]

Shibboleth has released an updated version of the "modern" module for Microsoft IIS V7+ which corrects a denial of service vulnerability.


IIS module fails to trap exceptions raised by network socket failures
This issue is specific to the newer IIS module and does not impact the older ISAPI filter/extension or the Apache modules or any other SP integration variants.

Recommendations

Login or Signup to post a comment

Newsletter Sign-up

To receive regular updates from AAF:
Add Me to the General List or Add Me to the Technical List or Add Me to the ORCID mailing list