Lucene search
HistoryJul 05, 2015 - 1:59 a.m.
CVE-2015-2964
cve-2015-2964
namshi
jose
signature bypass
jwt
vulnerability
json web tokens
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
6.8 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
69.2%
NAMSHI | JOSE 5.0.0 and earlier allows remote attackers to bypass signature verification via crafted tokens in a JSON Web Tokens (JWT) header.
Affected configurations
Node
namshinamshi\/joseRange≤5.0.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| namshi:namshi\/jose | namshi namshi/jose | le | 5.0.0 |
Related
nvd
nvd
CVE-2015-2964
2015-07-05 01:59:00
cvelist
cvelist
CVE-2015-2964
2015-07-05 01:00:00
prion
prion
Design/Logic Flaw
2015-07-05 01:59:00
jvn
jvn
JVN#25336719: namshi/jose fails to verify token signatures
2015-06-25 00:00:00
friendsofphp
friendsofphp
Attackers able to impersonate users
2015-02-19 10:59:35
Attackers able to impersonate users
2015-02-19 10:59:35
veracode
veracode
Signature Verification Bypass
2017-07-27 00:05:42
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
6.8 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
69.2%
Related for CVE-2015-2964