Описание
Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly perform certain consistency checks for cross-realm requests, which allows remote attackers with control of a realm to impersonate others in the cross-realm trust path.
Ссылки
- Vendor Advisory
- PatchVendor Advisory
- Vendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:kth:heimdal:0.4a:*:*:*:*:*:*:*
cpe:2.3:a:kth:heimdal:0.4b:*:*:*:*:*:*:*
cpe:2.3:a:kth:heimdal:0.4c:*:*:*:*:*:*:*
cpe:2.3:a:kth:heimdal:0.4d:*:*:*:*:*:*:*
cpe:2.3:a:kth:heimdal:0.4e:*:*:*:*:*:*:*
cpe:2.3:a:kth:heimdal:0.5:*:*:*:*:*:*:*
cpe:2.3:a:kth:heimdal:0.5.1:*:*:*:*:*:*:*
cpe:2.3:a:kth:heimdal:0.5.2:*:*:*:*:*:*:*
cpe:2.3:a:kth:heimdal:0.6.0:*:*:*:*:*:*:*
EPSS
Процентиль: 70%
0.00647
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
debian
больше 21 года назад
Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly pe ...
github
больше 3 лет назад
Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly perform certain consistency checks for cross-realm requests, which allows remote attackers with control of a realm to impersonate others in the cross-realm trust path.
EPSS
Процентиль: 70%
0.00647
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other