OSV: GHSA-78FQ-W796-Q537
Published: 2022-05-17 03:38:17 (source: Google, osv.dev)

Improper Certificate Validation in Shibboleth Identity Provider and OpenSAML
Tags: shibboleth, opensaml-j, pkix trust engines, x.509 credentials, remote attackers, entity impersonation, shibmd:keyauthority, trust anchor, security vulnerability, software

EPSS: 0.004 (percentile 72.9%)

The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java (OpenSAML-J) before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity via a certificate issued by a shibmd:KeyAuthority trust anchor.