Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2015-0277
HistoryAug 17, 2015 - 8:59 p.m.

Design/Logic Flaw

2015-08-1720:59:00
PRIOn knowledge base
www.prio-n.com
5

6.7 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.4%

JSON

The Service Provider (SP) in PicketLink before 2.7.0 does not ensure that it is a member of an Audience element when an AudienceRestriction is specified, which allows remote attackers to log in to other users’ accounts via a crafted SAML assertion. NOTE: this identifier has been SPLIT per ADT2 due to different vulnerability types. See CVE-2015-6254 for lack of validation for the Destination attribute in a Response element in a SAML assertion.

CPENameOperatorVersion
picketlinkle2.6.0

Related

cvelist 2
nvd 2
cve 2
prion 1
nessus 3
redhat 3
cvelist
cvelist
CVE-2015-6254
2015-08-17 20:00:00
CVE-2015-0277
2015-08-17 20:00:00
nvd
nvd
CVE-2015-0277
2015-08-17 20:59:00
CVE-2015-6254
2015-08-17 20:59:01
cve
cve
CVE-2015-0277
2015-08-17 20:59:00
CVE-2015-6254
2015-08-17 20:59:01
prion
prion
Code injection
2015-08-17 20:59:00
nessus
nessus
RHEL 6 : JBoss EAP (RHSA-2015:0847)
2015-04-20 00:00:00
RHEL 5 : JBoss EAP (RHSA-2015:0846)
2015-04-20 00:00:00
RHEL 7 : JBoss EAP (RHSA-2015:0848)
2018-09-04 00:00:00
redhat
redhat
(RHSA-2015:0848) Important: Red Hat JBoss Enterprise Application Platform 6.4.0 update
2015-04-16 00:00:00
(RHSA-2015:0847) Important: Red Hat JBoss Enterprise Application Platform 6.4.0 update
2015-04-16 15:44:21
(RHSA-2015:0846) Important: Red Hat JBoss Enterprise Application Platform 6.4.0 update
2015-04-16 00:00:00

6.7 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.4%

JSON
Related for PRION:CVE-2015-0277
cvelist2nvd2cve2prion1nessus3redhat3