
[upki-fed:01044] About the Shibboleth SP vulnerability (2016/5/6)



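To the participants of the GakuNin information exchange ML,

This is Noda of the GakuNin Secretariat, National Institute of Informatics.
Thank you for your continued cooperation in the operation of GakuNin.

A vulnerability in Shibboleth SP has been reported by the Shibboleth Project.
[...] in that case, please take the action described below.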

----------------------------------------------------------------------
A defect has been found in Shibboleth SP configuration files such as
shibboleth2.xml: the evaluation of the ignoreCase attribute of the PathRegex
element is inverted.
Because of this defect, PathRegex is evaluated as follows. The default value
is true.

- ignoreCase=true  is evaluated as case-sensitive (upper and lower case are distinguished)
- ignoreCase=false is evaluated as case-insensitive (upper and lower case are not distinguished)

If you use the PathRegex element, please check whether the ignoreCase
attribute is defined and configure it as follows.

- If the ignoreCase attribute is defined, invert its value.
   (change "true" to "false", and "false" to "true")

- If the ignoreCase attribute is not defined, set ignoreCase="false".

It is not necessary to restart the web server or shibd after making the
above configuration change.

In V2.6.0, the new version of Shibboleth SP scheduled for release in the
summer, a new attribute "caseSensitive" will be provided.
With this change, the existing ignoreCase becomes a deprecated setting, and a
warning message will be written to the log when ignoreCase is used.

For details, please see the references below.

References:

[1] shibboleth2.xml configuration Wiki:
https://wiki.shibboleth.net/confluence/x/RYBC

[2] URL for this Security Advisory:
https://shibboleth.net/community/advisories/secadv_20160504.txt



--
=========================================================
  National Institute of Informatics, Academic Infrastructure Division, GakuNin Secretariat (contact: Noda)
  TEL: 03-4212-2218  xxxxxxxxxxxxxxx@xxxxxxxxx
  GakuNin web page     https://www.gakunin.jp/
  Application system   https://office.gakunin.nii.ac.jp/
=========================================================
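
The check described in the message above can be scripted. The following is an added example, not part of the original message and not a Shibboleth tool: it lists every PathRegex element in a configuration file, shows how the defect evaluates it, and gives the value the advisory asks for. The function name, the sample host and the sample paths are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample configuration (hypothetical host and paths).
SAMPLE = """<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config">
 <RequestMapper type="Native"><RequestMap><Host name="sp.example.org">
  <PathRegex regex="^/secure/.*" authType="shibboleth" requireSession="true"/>
  <PathRegex regex="^/admin/.*" ignoreCase="true" authType="shibboleth"/>
  <PathRegex regex="^/API/v1/.*" ignoreCase="false" authType="shibboleth"/>
 </Host></RequestMap></RequestMapper>
</SPConfig>"""


def audit_pathregex(xml_text):
    """Return one finding per PathRegex element, following the advisory's rules."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        if elem.tag.rsplit("}", 1)[-1] != "PathRegex":  # ignore the XML namespace
            continue
        current = elem.get("ignoreCase")
        # The advisory states that the default value is true.
        value = "true" if current is None else current.strip().lower()
        if value in ("true", "1"):
            # With the defect, true is evaluated as case-sensitive.
            behaviour, recommended = "case-sensitive", "false"
        elif value in ("false", "0"):
            # With the defect, false is evaluated as case-insensitive.
            behaviour, recommended = "case-insensitive", "true"
        else:
            behaviour, recommended = "unknown", None  # not a boolean: review by hand
        findings.append({"regex": elem.get("regex"), "current": current,
                         "behaviour_with_bug": behaviour,
                         "recommended": recommended})
    return findings


if __name__ == "__main__":
    for f in audit_pathregex(SAMPLE):
        shown = "(not defined)" if f["current"] is None else f["current"]
        print(f'{f["regex"]}: ignoreCase={shown} -> {f["behaviour_with_bug"]}; '
              f'set ignoreCase="{f["recommended"]}"')
```

The script only reports and does not rewrite the file, so comments and layout in shibboleth2.xml are left untouched and each change can be reviewed before it is made.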