2 matches found
CVE-2015-1796
The CVE-2015-1796 issue affects Shibboleth Identity Provider (IdP) and OpenSAML Java where PKIX trust engines can trust candidate X.509 credentials if no trusted names exist for the entityID. This allows remote impersonation via a certificate issued by a shibmd:KeyAuthority trust anchor. Affected...
CVE-2014-3603
CVE-2014-3603 involves improper hostname verification in Shibboleth IdP (HttpResource/FileBackedHttpResource) and OpenSAML Java 2.6.2, allowing MITM spoofing of SSL with arbitrary valid certs. IBM/Liberty-focused advisories confirm affected products and versions: Liberty for Java 3.37 and earlier...