72 matches found
CVE-2015-5216
The CVE-2015-5216 entry affects Ipsilon IdP server versions 0.1.0 through 1.0.0. Root cause: improper escaping of characters in a Python exception-message template, enabling remote XSS via an HTTP response. Connected sources (e.g., PT-2020-7857) corroborate the same issue and specify the affected...
CVE-2015-5216
The Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly escape certain characters in a Python exception-message template, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via an HTTP response...
PT-2020-7856 · Ipsilon +1 · Ipsilon +1
Name of the Vulnerable Software and Affected Versions: Ipsilon versions 0.1.0 through 1.0.0. Description: The default configuration of the Jinja templating engine in the Identity Provider (IdP) server does not enable auto-escaping, making it easier for remote attackers to conduct cross-site scriptin...
CVE-2015-5215
CVE-2015-5215 affects the Identity Provider (IdP) server of Ipsilon, specifically versions 0.1.0 through 1.0.0, where the Jinja templating engine is not auto-escaped by default. The documented consequence is easier remote cross-site scripting (XSS) via template variables, tied to the IdP’s defaul...
CVE-2015-5215
The default configuration of the Jinja templating engine used in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not enable auto-escaping, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via template variables. NOTE: This may be a duplica...
Huawei EulerOS: Security Advisory for ipsilon (EulerOS-SA-2018-1013)
The remote host is missing an update for the Huawei EulerOS ... SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...
EulerOS 2.0 SP2 : ipsilon (EulerOS-SA-2018-1013)
According to the version of the ipsilon packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: A vulnerability was found in ipsilon in the SAML2 provider's handling of sessions. An attacker able to hit the logout URL could determine what...
Unspecified Vulnerability in Ipsilon
Ipsilon is a server and toolkit for configuring Apache-based service providers to provide federated authentication (SSO) to web applications, with pluggable standalone mod_wsgi applications. An unspecified vulnerability exists in versions of Ipsilon prior to 2.1.0. No detailed vulnerability details a...
CVE-2016-8638
A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows an attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active...
Design/Logic Flaw
A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows an attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active...
CVE-2016-8638
Ipsilon is affected by a SAML2 multi-session vulnerability (CVE-2016-8638). Affected versions: ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3. The issue relates to how sessions are tracked, allowing an unauthenticated attacker to view and terminate active sessi...
Fedora Update for ipsilon FEDORA-2016-2d8fb6d7ad
The remote host is missing an update for the ... SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...
Fedora 25 : ipsilon (2016-2d8fb6d7ad)
New Ipsilon 2.0 release. Main changes since 1.2: security fix for CVE-2016-8638; OpenID Connect 2.0; OAuth 2; user portal with consent management; authorization plugin support; support for adding an instance to the web root; lots of bugfixes. Note that Tenable Network Security has extracted the...
Fedora Update for ipsilon FEDORA-2016-b465090499
The remote host is missing an update for the ... SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...
Fedora 24 : ipsilon (2016-b465090499)
New Ipsilon 2.0 release. Main changes since 1.2: security fix for CVE-2016-8638; OpenID Connect 2.0; OAuth 2; user portal with consent management; authorization plugin support; support for adding an instance to the web root; lots of bugfixes. Note that Tenable Network Security has extracted the...
[SECURITY] Fedora 24 Update: ipsilon-2.0.2-2.fc24
Ipsilon is a multi-protocol Identity Provider service. Its function is to bridge authentication providers and applications to achieve Single Sign On and Federation...
[SECURITY] Fedora 25 Update: ipsilon-2.0.2-2.fc25
Ipsilon is a multi-protocol Identity Provider service. Its function is to bridge authentication providers and applications to achieve Single Sign On and Federation...
CentOS 7 : ipsilon (CESA-2016:2809)
An update for ipsilon is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...