Lucene search
GoogleOSV:GHSA-78FQ-W796-Q537HistoryMay 17, 2022 - 3:38 a.m.
Improper Certificate Validation in Shibboleth Identity Provider and OpenSAML
2022-05-1703:38:17
Google
osv.dev
19
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
72.5%
The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java (OpenSAML-J) before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity via a certificate issued by a shibmd:KeyAuthority trust anchor.
Related
github
github
Improper Certificate Validation in Shibboleth Identity Provider and OpenSAML
2022-05-17 03:38:17
cvelist
cvelist
CVE-2015-1796
2015-07-08 15:00:00
prion
prion
Design/Logic Flaw
2015-07-08 15:59:00
ibm
ibm
cve
cve
CVE-2015-1796
2015-07-08 15:59:00
ubuntucve
ubuntucve
CVE-2015-1796
2015-07-08 00:00:00
pentestit
pentestit
UPDATE: OWASP Dependency-Check 5.0.0
2019-06-10 06:03:45
redhat
redhat
(RHSA-2015:1177) Important: Red Hat JBoss A-MQ 6.2.0 update
2015-06-23 16:46:14
(RHSA-2015:1176) Important: Red Hat JBoss Fuse 6.2.0 update
2015-06-23 16:46:09
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
72.5%
Related for OSV:GHSA-78FQ-W796-Q537