Lucene search
K

216 matches found

RedhatCVE
RedhatCVE
added 2016/11/21 10:18 a.m.20 views

CVE-2016-8638

A vulnerability was found in ipsilon in the SAML2 provider's handling of sessions. An attacker able to hit the logout URL could determine what service providers other users are logged in to and terminate their sessions...

9.1CVSS8.5AI score0.02119EPSS
Exploits0References1
NVD
NVD
added 2015/11/17 3:59 p.m.16 views

CVE-2015-5301

providers/saml2/admin.py in the Identity Provider IdP server in Ipsilon 0.1.0 before 1.0.2 and 1.1.x before 1.1.1 does not properly check permissions, which allows remote authenticated users to cause a denial of service by deleting a SAML2 Service Provider SP...

5.5CVSS6.1AI score0.01493EPSS
Exploits0References8
OSV
OSV
added 2015/11/17 3:59 p.m.6 views

PYSEC-2015-41

providers/saml2/admin.py in the Identity Provider IdP server in Ipsilon 0.1.0 before 1.0.1 does not properly check permissions to update the SAML2 Service Provider SP owner, which allows remote authenticated users to cause a denial of service via a duplicate SP name...

4CVSS6.7AI score0.013EPSS
Exploits0References5
OSV
OSV
added 2015/11/17 3:59 p.m.5 views

PYSEC-2015-42

providers/saml2/admin.py in the Identity Provider IdP server in Ipsilon 0.1.0 before 1.0.2 and 1.1.x before 1.1.1 does not properly check permissions, which allows remote authenticated users to cause a denial of service by deleting a SAML2 Service Provider SP...

5.5CVSS6.7AI score0.01493EPSS
Exploits0References9
Prion
Prion
added 2015/11/17 3:59 p.m.14 views

Code injection

providers/saml2/admin.py in the Identity Provider IdP server in Ipsilon 0.1.0 before 1.0.2 and 1.1.x before 1.1.1 does not properly check permissions, which allows remote authenticated users to cause a denial of service by deleting a SAML2 Service Provider SP...

5.5CVSS6.6AI score0.01493EPSS
Exploits0References8Affected Software1
Prion
Prion
added 2015/11/17 3:59 p.m.12 views

Code injection

providers/saml2/admin.py in the Identity Provider IdP server in Ipsilon 0.1.0 before 1.0.1 does not properly check permissions to update the SAML2 Service Provider SP owner, which allows remote authenticated users to cause a denial of service via a duplicate SP name...

4CVSS6.5AI score0.013EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2015/11/17 3:0 p.m.28 views

CVE-2015-5301

providers/saml2/admin.py in the Identity Provider IdP server in Ipsilon 0.1.0 before 1.0.2 and 1.1.x before 1.1.1 does not properly check permissions, which allows remote authenticated users to cause a denial of service by deleting a SAML2 Service Provider SP...

5.9AI score0.01493EPSS
Exploits0References8
CVE
CVE
added 2015/11/17 3:0 p.m.50 views

CVE-2015-5301

CVE-2015-5301 affects Ipsilon IdP (providers/saml2/admin.py). In Ipsilon 0.1.0–1.0.2 and 1.1.x–1.1.1, incorrect permission checks allow remote authenticated users to delete a SAML2 Service Provider (SP) and cause a denial of service. Affected versions are 0.1.0 before 1.0.2 and 1.1.x before 1.1.1...

5.5CVSS5.8AI score0.01493EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2015/11/17 3:0 p.m.58 views

CVE-2015-5217

CVE-2015-5217 affects Ipsilon 0.1.0 prior to 1.0.1. The IdP server’s providers/saml2/admin.py fails to properly enforce permission checks when updating the SAML2 SP owner, enabling remote authenticated users to trigger a denial of service by creating a duplicate SP name. Affected: Ipsilon IdP (SA...

4CVSS5.8AI score0.013EPSS
Exploits0References4Affected Software1
Drupal
Drupal
added 2015/06/24 12:0 a.m.27 views

Shibboleth authentication - Moderately critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-129

Shibboleth authentication module allows users to log in and get permissions based on federated SAML2 authentication. The module didn't filter the text that is displayed as a login link. This vulnerability was mitigated by the fact that an attacker must have a role with the permission Administer...

2.1CVSS6.5AI score0.00996EPSS
Exploits0References10
Fedora
Fedora
added 2015/04/21 7:7 p.m.26 views

[SECURITY] Fedora 22 Update: lasso-2.4.1-3.fc22

Lasso is a library that implements the Liberty Alliance Single Sign On standards, including the SAML and SAML2 specifications. It allows to handle the whole life-cycle of SAML based Federations, and provides bindings for multiple languages...

7.5CVSS2.4AI score0.0345EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2015/04/16 4:2 p.m.5 views

Security: Wrong security context loaded when using SAML2 STS Login Module

It was found that when processing undefined security domains, the org.jboss.security.plugins.mapping.JBossMappingManager implementation would fall back to the default security domain if it was available. A user with valid credentials in the defined default domain, with a role that is valid in the...

3.5CVSS5.7AI score0.01739EPSS
Exploits0References4
Fedora
Fedora
added 2015/04/06 8:33 a.m.30 views

[SECURITY] Fedora 20 Update: lasso-2.4.1-1.fc20

Lasso is a library that implements the Liberty Alliance Single Sign On standards, including the SAML and SAML2 specifications. It allows to handle the whole life-cycle of SAML based Federations, and provides bindings for multiple languages...

7.5CVSS2.4AI score0.0345EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/02/13 12:0 a.m.35 views

RHEL 5 : Red Hat JBoss Enterprise Application Platform 6.3.3 update (Moderate) (RHSA-2015:0216)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:0216 advisory. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that t...

6.4CVSS7.3AI score0.02051EPSS
Exploits0References31
Drupal
Drupal
added 2015/01/21 12:0 a.m.26 views

SA-CONTRIB-2015-028 - Shibboleth Authentication - Cross Site Request Forgery (CSRF)

Shibboleth Authentication module allows users to log in and get permissions based on federated SAML2 authentication. The roles that are assigned to users are based on a matching list. A malicious attacker can delete matching rules from the list by getting the administrator's browser to make a...

5.8CVSS6.5AI score0.00656EPSS
Exploits0References10
Drupal
Drupal
added 2009/10/14 12:0 a.m.14 views

SA-CONTRIB-2009-070 - Shibboleth authentication - Impersonation, privilege escalation

The Shibboleth authentication module provides user authentication and authorisation based on the Shibboleth Web Single Sign-on system. The module does not properly handle the changes of the underlying Shibboleth session. This can result in impersonation and possible privilege escalation if a user...

7.5AI score
Exploits0References5
Rows per page
Query Builder