Описание
The (1) Service Provider (SP) and (2) Identity Provider (IdP) in PicketLink before 2.7.0 does not ensure that the Destination attribute in a Response element in a SAML assertion matches the location from which the message was received, which allows remote attackers to have unspecified impact via unknown vectors. NOTE: this identifier was SPLIT from CVE-2015-0277 per ADT2 due to different vulnerability types.
A flaw was found in the way PicketLink's Service Provider (SP) and Identity Provider (IdP) handled certain requests. The SP and IdP in PicketLink before 2.7.0 does not ensure that the Destination attribute in a Response element in the SAML assertion matches the location from which the message was received. This flaw allows a remote attacker to log into a victim's account via PicketLink.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat JBoss Enterprise Application Platform 6 | picketlink | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 6.4 | Fixed | RHSA-2015:0849 | 16.04.2015 | |
| Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 | apache-commons-cli-eap6 | Fixed | RHSA-2015:0846 | 16.04.2015 |
| Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 | apache-commons-codec-eap6 | Fixed | RHSA-2015:0846 | 16.04.2015 |
| Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 | apache-commons-configuration-eap6 | Fixed | RHSA-2015:0846 | 16.04.2015 |
| Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 | apache-commons-daemon-eap6 | Fixed | RHSA-2015:0846 | 16.04.2015 |
| Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 | apache-commons-io-eap6 | Fixed | RHSA-2015:0846 | 16.04.2015 |
| Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 | apache-commons-lang-eap6 | Fixed | RHSA-2015:0846 | 16.04.2015 |
| Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 | apache-commons-pool-eap6 | Fixed | RHSA-2015:0846 | 16.04.2015 |
| Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 | apache-mime4j | Fixed | RHSA-2015:0846 | 16.04.2015 |
Показывать по
Дополнительная информация
Статус:
EPSS
6.3 Medium
CVSS3
Связанные уязвимости
The (1) Service Provider (SP) and (2) Identity Provider (IdP) in PicketLink before 2.7.0 does not ensure that the Destination attribute in a Response element in a SAML assertion matches the location from which the message was received, which allows remote attackers to have unspecified impact via unknown vectors. NOTE: this identifier was SPLIT from CVE-2015-0277 per ADT2 due to different vulnerability types.
The (1) Service Provider (SP) and (2) Identity Provider (IdP) in PicketLink before 2.7.0 does not ensure that the Destination attribute in a Response element in a SAML assertion matches the location from which the message was received, which allows remote attackers to have unspecified impact via unknown vectors. NOTE: this identifier was SPLIT from CVE-2015-0277 per ADT2 due to different vulnerability types.
EPSS
6.3 Medium
CVSS3