Lucene search
PRIOn knowledge basePRION:CVE-2015-1796HistoryJul 08, 2015 - 3:59 p.m.
Design/Logic Flaw
2015-07-0815:59:00
PRIOn knowledge base
www.prio-n.com
2
The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java (OpenSAML-J) before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity via a certificate issued by a shibmd:KeyAuthority trust anchor.
| CPE | Name | Operator | Version |
|---|---|---|---|
| identity_provider | le | 2.4.3 | |
| opensaml_java | le | 2.6.4 |
Related
github
github
Improper Certificate Validation in Shibboleth Identity Provider and OpenSAML
2022-05-17 03:38:17
osv
osv
Improper Certificate Validation in Shibboleth Identity Provider and OpenSAML
2022-05-17 03:38:17
cvelist
cvelist
CVE-2015-1796
2015-07-08 15:00:00
ibm
ibm
nvd
nvd
CVE-2015-1796
2015-07-08 15:59:02
cve
cve
CVE-2015-1796
2015-07-08 15:59:02
ubuntucve
ubuntucve
CVE-2015-1796
2015-07-08 00:00:00
pentestit
pentestit
UPDATE: OWASP Dependency-Check 5.0.0
2019-06-10 06:03:45
redhat
redhat
(RHSA-2015:1177) Important: Red Hat JBoss A-MQ 6.2.0 update
2015-06-23 16:46:14
(RHSA-2015:1176) Important: Red Hat JBoss Fuse 6.2.0 update
2015-06-23 16:46:09