Lucene search
HistoryJul 08, 2015 - 3:59 p.m.
CVE-2015-1796
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
8.5
Confidence
High
EPSS
0.004
Percentile
72.9%
The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java (OpenSAML-J) before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity via a certificate issued by a shibmd:KeyAuthority trust anchor.
Affected configurations
Node
shibbolethidentity_providerRange≤2.4.3
Node
shibbolethopensaml_javaRange≤2.6.4
Related
cvelist
cvelist
CVE-2015-1796
2015-07-08 15:00:00
osv
osv
Improper Certificate Validation in Shibboleth Identity Provider and OpenSAML
2022-05-17 03:38:17
github
github
Improper Certificate Validation in Shibboleth Identity Provider and OpenSAML
2022-05-17 03:38:17
ibm
ibm
prion
prion
Design/Logic Flaw
2015-07-08 15:59:00
ubuntucve
ubuntucve
CVE-2015-1796
2015-07-08 00:00:00
cve
cve
CVE-2015-1796
2015-07-08 15:59:02
pentestit
pentestit
UPDATE: OWASP Dependency-Check 5.0.0
2019-06-10 06:03:45
redhat
redhat
(RHSA-2015:1177) Important: Red Hat JBoss A-MQ 6.2.0 update
2015-06-23 16:46:14
(RHSA-2015:1176) Important: Red Hat JBoss Fuse 6.2.0 update
2015-06-23 16:46:09
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
8.5
Confidence
High
EPSS
0.004
Percentile
72.9%
Related for NVD:CVE-2015-1796