MiracleLinux 7 : ipsilon-1.0.0-13.el7 (AXSA:2016-955:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-955:01 advisory. Ipsilon is a multi-protocol Identity Provider service. Its function is to bridge authentication providers and applications to achieve Single Sign On and...

SUSE CVE-2016-8638

A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active...

EulerOS 2.0 SP2 : ipsilon (EulerOS-SA-2018-1013)

According to the version of the ipsilon packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A vulnerability was found in ipsilon in the SAML2 provider's handling of sessions. An attacker able to hit the logout URL could determine what...

CVE-2016-8638

Ipsilon is affected by a SAML2 multi-session vulnerability (CVE-2016-8638). Affected versions: ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3. The issue relates to how sessions are tracked, allowing an unauthenticated attacker to view and terminate active sessi...

Fedora Update for ipsilon FEDORA-2016-b465090499

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 24 : ipsilon (2016-b465090499)

New Ipsilon 2.0 release. ---- Main changes since 1.2 : Security fix for CVE-2016-8638 OpenID Connect 2.0 OAuth 2 User portal with consent management Authorization plugin support Support for adding an instance to the web root Lots of bugfixes Note that Tenable Network Security has extracted the...

Fedora 25 : ipsilon (2016-2d8fb6d7ad)

New Ipsilon 2.0 release. ---- Main changes since 1.2 : Security fix for CVE-2016-8638 OpenID Connect 2.0 OAuth 2 User portal with consent management Authorization plugin support Support for adding an instance to the web root Lots of bugfixes Note that Tenable Network Security has extracted the...

RHEL 7 : ipsilon (RHSA-2016:2809)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:2809 advisory. The ipsilon packages provide the Ipsilon identity provider service for federated single sign-on SSO. Ipsilon links authentication providers and...

RedHat Update for ipsilon RHSA-2016:2809-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle Linux 7 : ipsilon (ELSA-2016-2809)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2016-2809 advisory. 1.0.0-13 - Backport patch for CVE-2016-8638 RHBZ1394116 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...

CVE-2016-8638

A vulnerability was found in ipsilon in the SAML2 provider's handling of sessions. An attacker able to hit the logout URL could determine what service providers other users are logged in to and terminate their sessions...

ipsilon security update

1.0.0-13 - Backport patch for CVE-2016-8638 RHBZ1394116...