Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2015-1796
HistoryJul 08, 2015 - 3:59 p.m.

CVE-2015-1796

2015-07-0815:59:02
CWE-254
[email protected]
web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

8.5 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.9%

JSON

The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java (OpenSAML-J) before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity via a certificate issued by a shibmd:KeyAuthority trust anchor.

Affected configurations

NVD
Node
shibbolethidentity_providerRange2.4.3
Node
shibbolethopensaml_javaRange2.6.4

Related

github 1
osv 1
cvelist 1
prion 1
ibm 5
cve 1
ubuntucve 1
pentestit 1
redhat 2
github
github
Improper Certificate Validation in Shibboleth Identity Provider and OpenSAML
2022-05-17 03:38:17
osv
osv
Improper Certificate Validation in Shibboleth Identity Provider and OpenSAML
2022-05-17 03:38:17
cvelist
cvelist
CVE-2015-1796
2015-07-08 15:00:00
prion
prion
Design/Logic Flaw
2015-07-08 15:59:00
ibm
ibm
Security Bulletin: IBM Resilient SOAR is using opensaml-2.6.4.jar that could be vulnerable to bypass security restrictions (CVE-2015-1796)
2021-02-25 14:37:56
Security Bulletin: IBM Tivoli Netcool Impact is affected by open source vulnerabilities
2018-07-18 09:46:57
Security Bulletin: Common vulnerabilities fixed in Cloudera Data Platform 7.1.9 HF2
2024-05-07 19:52:07
cve
cve
CVE-2015-1796
2015-07-08 15:59:02
ubuntucve
ubuntucve
CVE-2015-1796
2015-07-08 00:00:00
pentestit
pentestit
UPDATE: OWASP Dependency-Check 5.0.0
2019-06-10 06:03:45
redhat
redhat
(RHSA-2015:1177) Important: Red Hat JBoss A-MQ 6.2.0 update
2015-06-23 16:46:14
(RHSA-2015:1176) Important: Red Hat JBoss Fuse 6.2.0 update
2015-06-23 16:46:09

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

8.5 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.9%

JSON
Related for NVD:CVE-2015-1796
github1osv1cvelist1prion1ibm5cve1ubuntucve1pentestit1redhat2