CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
AI Score
Confidence
Low
EPSS
Percentile
74.2%
Matthew Vernon uploaded new packages for shibboleth-sp which fixed the
following security problems:
CVE-2015-2684
A denial of service vulnerability was found in the Shibboleth (a
federated identity framework) Service Provider. When processing
certain malformed SAML messages generated by an authenticated
attacker, the daemon could crash.
For the wheezy-backports distribution the problems have been fixed in
version 2.5.3+dfsg-2~bpo70+1.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 6 | i386 | libshibsp4 | < 2.3.1+dfsg-5+deb6u1 | libshibsp4_2.3.1+dfsg-5+deb6u1_i386.deb |
Debian | 6 | i386 | libapache2-mod-shib2 | < 2.3.1+dfsg-5+deb6u1 | libapache2-mod-shib2_2.3.1+dfsg-5+deb6u1_i386.deb |
Debian | 7 | kfreebsd-i386 | libshibsp-dev | < 2.4.3+dfsg-5+deb7u1 | libshibsp-dev_2.4.3+dfsg-5+deb7u1_kfreebsd-i386.deb |
Debian | 7 | powerpc | libshibsp-dev | < 2.4.3+dfsg-5+deb7u1 | libshibsp-dev_2.4.3+dfsg-5+deb7u1_powerpc.deb |
Debian | 7 | powerpc | libshibsp5 | < 2.4.3+dfsg-5+deb7u1 | libshibsp5_2.4.3+dfsg-5+deb7u1_powerpc.deb |
Debian | 7 | all | libshibsp-doc | < 2.4.3+dfsg-5+deb7u1 | libshibsp-doc_2.4.3+dfsg-5+deb7u1_all.deb |
Debian | 6 | all | libshibsp-doc | < 2.3.1+dfsg-5+deb6u1 | libshibsp-doc_2.3.1+dfsg-5+deb6u1_all.deb |
Debian | 7 | armhf | libapache2-mod-shib2 | < 2.4.3+dfsg-5+deb7u1 | libapache2-mod-shib2_2.4.3+dfsg-5+deb7u1_armhf.deb |
Debian | 7 | s390x | libshibsp-dev | < 2.4.3+dfsg-5+deb7u1 | libshibsp-dev_2.4.3+dfsg-5+deb7u1_s390x.deb |
Debian | 7 | armel | libshibsp-dev | < 2.4.3+dfsg-5+deb7u1 | libshibsp-dev_2.4.3+dfsg-5+deb7u1_armel.deb |