Lucene search
Ubuntu.comUB:CVE-2015-1796HistoryJul 08, 2015 - 12:00 a.m.
CVE-2015-1796
2015-07-0800:00:00
ubuntu.com
ubuntu.com
26
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
72.7%
The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and
OpenSAML Java (OpenSAML-J) before 2.6.5 trust candidate X.509 credentials
when no trusted names are available for the entityID, which allows remote
attackers to impersonate an entity via a certificate issued by a
shibmd:KeyAuthority trust anchor.
Bugs
Related
prion
prion
Design/Logic Flaw
2015-07-08 15:59:00
ibm
ibm
Security Bulletin: IBM Resilient SOAR is using opensaml-2.6.4.jar that could be vulnerable to bypass security restrictions (CVE-2015-1796)
2021-02-25 14:37:56
Security Bulletin: IBM Tivoli Netcool Impact is affected by open source vulnerabilities
2018-07-18 09:46:57
Security Bulletin: Multiple Vulnerabilities identified in IBM StoredIQ
2020-02-20 12:42:12
osv
osv
Improper Certificate Validation in Shibboleth Identity Provider and OpenSAML
2022-05-17 03:38:17
github
github
Improper Certificate Validation in Shibboleth Identity Provider and OpenSAML
2022-05-17 03:38:17
cve
cve
CVE-2015-1796
2015-07-08 15:59:00
pentestit
pentestit
UPDATE: OWASP Dependency-Check 5.0.0
2019-06-10 06:03:45
redhat
redhat
(RHSA-2015:1177) Important: Red Hat JBoss A-MQ 6.2.0 update
2015-06-23 16:46:14
(RHSA-2015:1176) Important: Red Hat JBoss Fuse 6.2.0 update
2015-06-23 16:46:09
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
72.7%
Related for UB:CVE-2015-1796