Lucene search
K

6 matches found

NVD
NVD
added 2015/07/08 3:59 p.m.22 views

CVE-2015-1796

The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java OpenSAML-J before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity via a certificate issued by a...

4.3CVSS8.5AI score0.01256EPSS
Exploits0References4
Prion
Prion
added 2015/07/08 3:59 p.m.18 views

Design/Logic Flaw

The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java OpenSAML-J before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity via a certificate issued by a...

4.3CVSS7AI score0.01256EPSS
Exploits0References4Affected Software2
UbuntuCve
UbuntuCve
added 2015/07/08 3:59 p.m.54 views

CVE-2015-1796

The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java OpenSAML-J before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity via a certificate issued by a...

4.3CVSS7.1AI score0.01256EPSS
Exploits0References2
Cvelist
Cvelist
added 2015/07/08 3:0 p.m.24 views

CVE-2015-1796

The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java OpenSAML-J before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity via a certificate issued by a...

8.5AI score0.01256EPSS
Exploits0References4
CVE
CVE
added 2015/07/08 3:0 p.m.157 views

CVE-2015-1796

The CVE-2015-1796 issue affects Shibboleth Identity Provider (IdP) and OpenSAML Java where PKIX trust engines can trust candidate X.509 credentials if no trusted names exist for the entityID. This allows remote impersonation via a certificate issued by a shibmd:KeyAuthority trust anchor. Affected...

4.3CVSS8.2AI score0.01256EPSS
Exploits0References4Affected Software1
RedHat Linux
RedHat Linux
added 2015/06/23 4:52 p.m.4 views

Java: PKIX Trust Engines Exhibit Critical Flaw In Trusted Names Evaluation

It was found that PKIX trust components allowed an X.509 credential to be trusted if no trusted names were available for the entityID. An attacker could use a certificate issued by a shibmd:KeyAuthority trust anchor to impersonate an entity within the scope of that keyAuthority...

4.3CVSS7.2AI score0.01256EPSS
Exploits0References5
Rows per page
Query Builder