History: Jun 03, 2015 - 12:00 a.m.

JVN#06120222: F21 JWT fails to verify token signatures

2015-06-03 00:00:00
Japan Vulnerability Notes
jvn.jp

CVSS2: 5

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

EPSS: 0.003 (Percentile: 70.0%)

JWT provided by F21 is a PHP library for handling JSON Web Tokens. JWT contains a vulnerability where it fails to verify token signatures.

Impact

A specially crafted token may be accepted as token data carrying a valid signature.

Solution

Update the Software
Update to the latest version according to the information provided by the developer.

Products Affected

  • JWT versions prior to 2.0
