Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistRedhatCVELIST:CVE-2015-0277
HistoryAug 17, 2015 - 8:00 p.m.

CVE-2015-0277

2015-08-1720:00:00
redhat
www.cve.org
2

5.6 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.4%

JSON

The Service Provider (SP) in PicketLink before 2.7.0 does not ensure that it is a member of an Audience element when an AudienceRestriction is specified, which allows remote attackers to log in to other users’ accounts via a crafted SAML assertion. NOTE: this identifier has been SPLIT per ADT2 due to different vulnerability types. See CVE-2015-6254 for lack of validation for the Destination attribute in a Response element in a SAML assertion.

Related

nvd 2
prion 2
cve 2
cvelist 1
nessus 3
redhat 3
nvd
nvd
CVE-2015-0277
2015-08-17 20:59:00
CVE-2015-6254
2015-08-17 20:59:01
prion
prion
Design/Logic Flaw
2015-08-17 20:59:00
Code injection
2015-08-17 20:59:00
cve
cve
CVE-2015-0277
2015-08-17 20:59:00
CVE-2015-6254
2015-08-17 20:59:01
cvelist
cvelist
CVE-2015-6254
2015-08-17 20:00:00
nessus
nessus
RHEL 6 : JBoss EAP (RHSA-2015:0847)
2015-04-20 00:00:00
RHEL 5 : JBoss EAP (RHSA-2015:0846)
2015-04-20 00:00:00
RHEL 7 : JBoss EAP (RHSA-2015:0848)
2018-09-04 00:00:00
redhat
redhat
(RHSA-2015:0848) Important: Red Hat JBoss Enterprise Application Platform 6.4.0 update
2015-04-16 00:00:00
(RHSA-2015:0847) Important: Red Hat JBoss Enterprise Application Platform 6.4.0 update
2015-04-16 15:44:21
(RHSA-2015:0846) Important: Red Hat JBoss Enterprise Application Platform 6.4.0 update
2015-04-16 00:00:00

5.6 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.4%

JSON
Related for CVELIST:CVE-2015-0277
nvd2prion2cve2cvelist1nessus3redhat3