Lucene search
GoogleOSV:GHSA-RM7V-GQFG-P2WCHistoryMay 14, 2022 - 1:11 a.m.
Improper Validation of Certificate with Host Mismatch in Shibboleth Identity Provider and OpenSAML Java
2022-05-1401:11:29
Google
osv.dev
19
ssl certificate
validation
shibboleth identity provider
opensaml java
x.509 certificate
man-in-the-middle
spoofing
EPSS
0.001
Percentile
35.1%
The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4.1 and OpenSAML Java 2.6.2 do not verify that the server hostname matches a domain name in the subject’s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Related
ubuntucve
ubuntucve
CVE-2014-3603
2019-04-04 00:00:00
openvas
openvas
Fedora Update for opensaml-java-openws FEDORA-2015-10175
2015-08-08 00:00:00
Fedora Update for opensaml-java FEDORA-2015-10235
2015-08-08 00:00:00
Fedora Update for opensaml-java-openws FEDORA-2015-10235
2015-08-08 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: opensaml-java-openws-1.5.5-2.fc22
2015-08-07 13:05:19
[SECURITY] Fedora 21 Update: opensaml-java-2.5.3-9.fc21
2015-08-07 13:04:41
[SECURITY] Fedora 21 Update: opensaml-java-openws-1.5.5-2.fc21
2015-08-07 13:04:41
cvelist
cvelist
CVE-2014-3603
2019-04-04 13:38:16
nvd
nvd
CVE-2014-3603
2019-04-04 14:29:00
prion
prion
Code injection
2019-04-04 14:29:00
nessus
nessus
ibm
ibm
Security Bulletin: IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability (CVE-2014-3603)
2019-12-30 16:46:18
github
github
cve
cve
CVE-2014-3603
2019-04-04 14:29:00
redhat
redhat
(RHSA-2019:4117) Moderate: Open Liberty 19.0.0.12 Runtime security update
2019-12-09 15:15:03