PT-2015-7140 · Jboss · Picketlink

Pedro Igor Craveiro

Published

2015-08-17

Updated

2015-08-19

CVE-2015-6254

CVSS v2.0

6.0

Medium

Vector

AV:N/AC:M/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions PicketLink versions prior to 2.7.0

Description The issue in PicketLink allows remote attackers to have an unspecified impact. This is due to the Service Provider (SP) and Identity Provider (IdP) not ensuring that the Destination attribute in a Response element in a SAML assertion matches the location from which the message was received.

Recommendations For versions prior to 2.7.0, update to version 2.7.0 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-17

Related Identifiers

CVE-2015-6254

RHSA-2015:0846

RHSA-2015:0847

RHSA-2015:0848

Affected Products

Picketlink

PT-2015-7140 · Jboss · Picketlink

CVE-2015-6254

Weakness Enumeration

Related Identifiers

Affected Products

References · 7