CVE-2015-5253

EPSS 0.34%
Published 18.11.2015 16:59:00
Last modified 12.04.2025 10:46:40
Source secalert@redhat.com
Teams watchlist Login
Open Login

The SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote authenticated users to bypass authentication via a crafted SAML response with a valid signed assertion, related to a "wrapping attack."

Affected products Warnungen 0 Metrics 2 CWE 0 References 14

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Cxf Version < 2.7.18

Apache ≫ Cxf Version >= 3.0.0 < 3.0.7

Apache ≫ Cxf Version >= 3.1.0 < 3.1.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.34%	0.558

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:P/A:N

https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E

http://cxf.apache.org/security-advisories.data/CVE-2015-5253.txt.asc

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2016-0321.html

Third Party Advisory

http://www.openwall.com/lists/oss-security/2015/11/14/1

Third Party Advisory

Mailing List

http://www.securitytracker.com/id/1034162

Third Party Advisory

VDB Entry

https://git-wip-us.apache.org/repos/asf?p=cxf.git%3Ba=commitdiff%3Bh=845eccb6484b43ba02875c71e824db23ae4f20c0

https://nvd.nist.gov/vuln/detail/CVE-2015-5253

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-5253

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-5253

EUVD