Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-5217

Опубликовано: 19 авг. 2015
Источник: redhat
CVSS2: 4.3

Описание

providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly check permissions to update the SAML2 Service Provider (SP) owner, which allows remote authenticated users to cause a denial of service via a duplicate SP name.

A flaw was discovered that the Ipsilon IdP server did not properly authorize a change of the provider's name. Non-administrative users could use this flaw to change the name to a duplicate value, which could possibly lead to denial-of-service attack.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 7ipsilonAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=1255172ipsilon: Input validation flaw in handling of user supplied data

4.3 Medium

CVSS2

Связанные уязвимости

nvd логотип

CVE-2015-5217

nvd
около 10 лет назад

providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly check permissions to update the SAML2 Service Provider (SP) owner, which allows remote authenticated users to cause a denial of service via a duplicate SP name.

debian логотип

CVE-2015-5217

debian
около 10 лет назад

providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsi ...

github логотип

GHSA-6875-ff47-r6p6

github
больше 3 лет назад

Ipsilon denial of service via a duplicate SP name

4.3 Medium

CVSS2