Lucene search
K

23 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2009-3457

Malware in sbrugna...

7.5CVSS6.1AI score0.00891EPSS
Exploits0References7
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/25 6:46 a.m.15 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is uses xmltooling-1.4.4.jar, which contains a vulnerability

Summary IBM Sterling Connect:Direct Web Services uses Shibboleth Identity Provider, which could allow a remote attacker to bypass security restrictions. It's caused by an error in the PKIX trust component. Vulnerability Details CVEID:CVE-2015-1796 DESCRIPTION: Shibboleth Identity Provider could...

4.3CVSS6.4AI score0.01256EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/25 2:37 p.m.49 views

Security Bulletin: IBM Resilient SOAR is using opensaml-2.6.4.jar that could be vulnerable to bypass security restrictions (CVE-2015-1796)

Summary opensaml-2.6.4.jar vulnerable to CVE-2015-1796, Shibboleth Identity Provider could allow a remote attacker to bypass security restrictions, caused by an error in the PKIX trust component. An attacker could exploit this vulnerability using a certificate issued by the shibmd:KeyAuthority...

4.3CVSS1.3AI score0.01256EPSS
Exploits0Affected Software1
NVD
NVD
added 2015/07/08 3:59 p.m.23 views

CVE-2015-1796

The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java OpenSAML-J before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity via a certificate issued by a...

4.3CVSS8.5AI score0.01256EPSS
Exploits0References4
Prion
Prion
added 2015/07/08 3:59 p.m.19 views

Design/Logic Flaw

The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java OpenSAML-J before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity via a certificate issued by a...

4.3CVSS7AI score0.01256EPSS
Exploits0References4Affected Software2
UbuntuCve
UbuntuCve
added 2015/07/08 3:59 p.m.54 views

CVE-2015-1796

The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java OpenSAML-J before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity via a certificate issued by a...

4.3CVSS7.1AI score0.01256EPSS
Exploits0References2
Cvelist
Cvelist
added 2015/07/08 3:0 p.m.25 views

CVE-2015-1796

The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java OpenSAML-J before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity via a certificate issued by a...

8.5AI score0.01256EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/06/23 4:52 p.m.5 views

Java: PKIX Trust Engines Exhibit Critical Flaw In Trusted Names Evaluation

It was found that PKIX trust components allowed an X.509 credential to be trusted if no trusted names were available for the entityID. An attacker could use a certificate issued by a shibmd:KeyAuthority trust anchor to impersonate an entity within the scope of that keyAuthority...

4.3CVSS7.2AI score0.01256EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2010/02/24 12:0 a.m.26 views

Debian DSA-1896-1 : opensaml, shibboleth-sp - several vulnerabilities

Several vulnerabilities have been discovered in the opensaml and shibboleth-sp packages, as used by Shibboleth 1.x : - Chris Ries discovered that decoding a crafted URL leads to a crash and potentially, arbitrary code execution. - Ian Young discovered that embedded NUL characters in certificate...

7.5CVSS5.8AI score0.01544EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2010/02/24 12:0 a.m.27 views

Debian DSA-1895-1 : xmltooling - several vulnerabilities

Several vulnerabilities have been discovered in the xmltooling packages, as used by Shibboleth : - Chris Ries discovered that decoding a crafted URL leads to a crash and potentially, arbitrary code execution. - Ian Young discovered that embedded NUL characters in certificate names were not...

7.5CVSS5.8AI score0.01544EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2009/10/15 12:0 a.m.26 views

Shibboleth Service Provider NULL Character Spoofing Vulnerability - Windows

Shibboleth Service Provider is prone to a NULL character spoofing vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.2AI score0.00891EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2009/10/15 12:0 a.m.36 views

Shibboleth Service Provider NULL Character Spoofing Vulnerability (Windows)

The host has Shibboleth Service Provider installed and is prone to NULL Character Spoofing vulnerability. OpenVAS Vulnerability Test $Id: gbshibbolethspnullcharspoofingvulnwin.nasl 4869 2016-12-29 11:01:45Z teissa $ Shibboleth Service Provider NULL Character Spoofing Vulnerability Windows Authors...

7.5CVSS5.7AI score0.00891EPSS
Exploits0References2
OSV
OSV
added 2009/10/09 12:0 a.m.25 views

DSA-1895-2 opensaml2, shibboleth-sp2 - interpretation conflict

Bulletin has no description...

9.3CVSS5.5AI score0.04097EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2009/09/29 11:30 p.m.22 views

CVE-2009-3475

Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and 2.x before 2.2.1, when using PKIX trust validation, does not properly handle a '\0' character in the subject or subjectAltName fields of a certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL...

7.5CVSS6AI score0.00891EPSS
Exploits0References1
Prion
Prion
added 2009/09/29 11:30 p.m.23 views

Design/Logic Flaw

Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and 2.x before 2.2.1, when using PKIX trust validation, does not properly handle a '\0' character in the subject or subjectAltName fields of a certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL...

7.5CVSS9AI score0.05741EPSS
Exploits4References6Affected Software1
NVD
NVD
added 2009/09/29 11:30 p.m.34 views

CVE-2009-3475

Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and 2.x before 2.2.1, when using PKIX trust validation, does not properly handle a '\0' character in the subject or subjectAltName fields of a certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL...

7.5CVSS6.3AI score0.00891EPSS
Exploits0References6
Cvelist
Cvelist
added 2009/09/29 11:0 p.m.37 views

CVE-2009-3475

Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and 2.x before 2.2.1, when using PKIX trust validation, does not properly handle a '\0' character in the subject or subjectAltName fields of a certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL...

6.4AI score0.00891EPSS
Exploits0References6
Debian
Debian
added 2009/09/29 9:47 p.m.18 views

[Backports-security-announce] Security update for opemsaml and shibboleth-sp

Russ Allbery uploaded new packages for opensaml and shibboleth-sp which fixed the following security problems: DSA-1896-1 Several vulnerabilities have been discovered in the opensaml and shibboleth-sp packages, as used by Shibboleth 1.x: Chris Ries discovered that decoding a crafted URL leads to ...

2.7AI score
Exploits0
Debian
Debian
added 2009/09/28 5:13 a.m.14 views

[SECURITY] [DSA 1896-1] New Shibboleth 1.x packages fix potential code execution

------------------------------------------------------------------------ Debian Security Advisory DSA-1896-1 [email protected] http://www.debian.org/security/ Florian Weimer September 28, 2009 http://www.debian.org/security/faq -...

7.9AI score
Exploits0
OpenVAS
OpenVAS
added 2009/09/28 12:0 a.m.24 views

Debian Security Advisory DSA 1895-1 (xmltooling)

The remote host is missing an update to xmltooling announced via advisory DSA 1895-1. OpenVAS Vulnerability Test $Id: deb18951.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1895-1 xmltooling Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

7.5CVSS0.7AI score0.01544EPSS
Exploits0
Rows per page
Query Builder