exploitDog

CVE-2016-8638

Published: 12 Jul 2017
Source: nvd
CVSS3: 9.1
CVSS2: 6.4
EPSS: Low

Description

A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows an attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active sessions from other users. It is also called a "SAML2 multi-session vulnerability."

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:ipsilon_project:ipsilon:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ipsilon_project:ipsilon:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ipsilon_project:ipsilon:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ipsilon_project:ipsilon:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ipsilon_project:ipsilon:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ipsilon_project:ipsilon:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ipsilon_project:ipsilon:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ipsilon_project:ipsilon:2.0.1:*:*:*:*:*:*:*

EPSS

Percentile: 91%
0.07142
Low

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Weaknesses

CWE-384

Related vulnerabilities

CVSS3: 8.2
redhat
almost 9 years ago

A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows an attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active sessions from other users. It is also called a "SAML2 multi-session vulnerability."

CVSS3: 9.1
debian
about 8 years ago

A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 bef ...

CVSS3: 9.1
github
more than 3 years ago

Session Fixation in ipsilon

oracle-oval
almost 9 years ago

ELSA-2016-2809: ipsilon security update (IMPORTANT)
