ipsilon security update
CentOS Errata and Security Advisory CESA-2016:2809. An update for ipsilon is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Ipsilon Denial of Service Vulnerability
Ipsilon is a server and toolkit for configuring Apache-based service providers to provide federated authentication (SSO) to web applications with pluggable standalone mod_wsgi applications. A denial of service vulnerability exists in Ipsilon that can be exploited by an attacker to cause a denial of...
RHEL 7 : ipsilon (RHSA-2016:2809)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:2809 advisory. The ipsilon packages provide the Ipsilon identity provider service for federated single sign-on (SSO). Ipsilon links authentication providers and...
RedHat Update for ipsilon RHSA-2016:2809-01
The remote host is missing an update for the...
Oracle Linux 7 : ipsilon (ELSA-2016-2809)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2016-2809 advisory. 1.0.0-13 - Backport patch for CVE-2016-8638 RHBZ1394116 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...
Important: Red Hat Security Advisory: ipsilon security update
An update for ipsilon is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
ipsilon: DoS via logging out all open SAML2 sessions
A vulnerability was found in ipsilon in the SAML2 provider's handling of sessions. An attacker able to hit the logout URL could determine what service providers other users are logged in to and terminate their sessions...
CVE-2016-8638
A vulnerability was found in ipsilon in the SAML2 provider's handling of sessions. An attacker able to hit the logout URL could determine what service providers other users are logged in to and terminate their sessions...
ipsilon security update
1.0.0-13 - Backport patch for CVE-2016-8638 RHBZ1394116...
PT-2017-9715 · Red Hat +1 · Ipsilon +2
Name of the Vulnerable Software and Affected Versions: ipsilon versions 1.0 through 1.0.2; ipsilon versions 1.1 through 1.1.1; ipsilon versions 1.2 through 1.2.0; ipsilon versions 2.0 through 2.0.1. Description: An issue was found that allows an attacker to log out active sessions of other users. This...
Ipsilon Denial of Service Vulnerability
Ipsilon is a server and toolkit for configuring Apache-based service providers. A denial of service vulnerability exists in Ipsilon version 0.1.0 prior to 1.0.1. It allows an authenticated remote user to cause a denial of service via a duplicate SP name...
Ipsilon IdP Server Denial of Service Vulnerability
Ipsilon is a server and toolkit for configuring Apache-based service providers. In Ipsilon versions 0.1.0-1.0.2, 1.1.x-1.1.1, the IdP server's providers/saml2/admin.py fails to properly check permissions, which can be exploited by a remote attacker to cause a denial of service by removing the SAM...
CVE-2015-5301
providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.2 and 1.1.x before 1.1.1 does not properly check permissions, which allows remote authenticated users to cause a denial of service by deleting a SAML2 Service Provider (SP)...
CVE-2015-5217
providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly check permissions to update the SAML2 Service Provider (SP) owner, which allows remote authenticated users to cause a denial of service via a duplicate SP name...
PYSEC-2015-42
providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.2 and 1.1.x before 1.1.1 does not properly check permissions, which allows remote authenticated users to cause a denial of service by deleting a SAML2 Service Provider (SP)...
PYSEC-2015-41
providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly check permissions to update the SAML2 Service Provider (SP) owner, which allows remote authenticated users to cause a denial of service via a duplicate SP name...
Code injection
providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.2 and 1.1.x before 1.1.1 does not properly check permissions, which allows remote authenticated users to cause a denial of service by deleting a SAML2 Service Provider (SP)...
CVE-2015-5217
CVE-2015-5217 affects Ipsilon 0.1.0 prior to 1.0.1. The IdP server’s providers/saml2/admin.py fails to properly enforce permission checks when updating the SAML2 SP owner, enabling remote authenticated users to trigger a denial of service by creating a duplicate SP name. Affected: Ipsilon IdP (SA...