Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.9
CVE-2014-3603
- EPSS 0.11%
- Published 04.04.2019 14:29:00
- Last modified 21.11.2024 02:08:29
The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4.1 and OpenSAML Java 2.6.2 do not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAl...
4.3
CVE-2015-1796
- EPSS 0.17%
- Published 08.07.2015 15:59:02
- Last modified 12.04.2025 10:46:40
The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java (OpenSAML-J) before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an en...
1