PT-2019-7246 · Apache · Mod Ucam Webauth

Published: 2019-05-13 · Updated: 2019-05-20 · CVE-2015-9287

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: mod ucam webauth versions prior to 2.0.2

Description: A Directory Traversal issue was discovered that allows an attacker to manipulate the kid field in the IdP's HTTP response message, specifically the "WLS-Response". The kid field, which should only contain an integer, is not covered by the response signature and can therefore be set to any string value. This could be exploited to make the application agent load the RSA public key from an unintended location, undermining the integrity check on the message.

Recommendations: For mod ucam webauth versions prior to 2.0.2, update to version 2.0.2 or later to resolve the issue. As a temporary workaround, validate and restrict the kid field so that only integer values are accepted, which prevents the manipulation.
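The workaround above is a strict allow-list on the kid value before it is used to locate a key file. The following C is an added example written for this page, not code from mod_ucam_webauth or its fix: it accepts only a short string of ASCII digits and only then builds the key path. The key directory, the "pubkey<kid>" file layout and the digit limit are assumptions for the example, not the module's actual naming scheme.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed upper bound on the number of digits in a kid; keeps the value
 * small and rejects oversized input outright. */
#define KID_MAX_DIGITS 8

/* Return 1 if kid is a non-empty string of ASCII digits only (the form a
 * WLS-Response kid is meant to take), otherwise 0. Any other byte,
 * including '/', '.', '\\' or a leading '-', is rejected here, so it can
 * never reach the file-path construction below. */
int kid_is_valid(const char *kid)
{
    size_t len;
    if (kid == NULL) return 0;
    len = strlen(kid);
    if (len == 0 || len > KID_MAX_DIGITS) return 0;
    for (size_t i = 0; i < len; i++) {
        if (!isdigit((unsigned char)kid[i])) return 0;
    }
    return 1;
}

/* Build the public-key file path from a trusted key directory and a
 * validated kid. The "<keydir>/pubkey<kid>" layout is an assumption made
 * for this example. Returns 1 and fills out on success; returns 0 if the
 * kid fails validation or the buffer is too small. */
int build_key_path(const char *keydir, const char *kid, char *out, size_t outlen)
{
    int n;
    if (!kid_is_valid(kid)) return 0;
    n = snprintf(out, outlen, "%s/pubkey%s", keydir, kid);
    if (n < 0 || (size_t)n >= outlen) return 0;
    return 1;
}

int main(void)
{
    /* Constructed sample kid values: one legitimate, two that would point
     * outside the key directory if used unvalidated. */
    const char *samples[] = { "2", "../../other_key", "2/../../other_key" };
    char path[256];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (build_key_path("/etc/apache2/webauth_keys", samples[i], path, sizeof path))
            printf("kid %-20s -> load %s\n", samples[i], path);
        else
            printf("kid %-20s -> rejected\n", samples[i]);
    }
    return 0;
}
```

The check is deliberately an allow-list (digits only) rather than a deny-list of path separators: the page's point is that the field is unsigned, so the only safe assumption is that it contains nothing but the integer the protocol expects.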

Weakness Enumeration: Path traversal

Related Identifiers: CVE-2015-9287

Affected Products: Mod Ucam Webauth