PT-2015-7140 · Jboss · Picketlink

Pedro Igor Craveiro

Publicado

2015-08-17

Atualizado

2015-08-19

CVE-2015-6254

CVSS v2.0

6.0

Média

Vetor

AV:N/AC:M/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions PicketLink versions prior to 2.7.0

Description The issue in PicketLink allows remote attackers to have an unspecified impact. This is due to the Service Provider (SP) and Identity Provider (IdP) not ensuring that the Destination attribute in a Response element in a SAML assertion matches the location from which the message was received.

Recommendations For versions prior to 2.7.0, update to version 2.7.0 or later to resolve the issue.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-17

Identificadores relacionados

CVE-2015-6254

RHSA-2015:0846

RHSA-2015:0847

RHSA-2015:0848

Produtos afetados

Picketlink

PT-2015-7140 · Jboss · Picketlink

CVE-2015-6254

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7