CVE

Id
77540  
CVE No.
CVE-2015-0277  
Status
Candidate  
Description
The Service Provider (SP) in PicketLink before 2.7.0 does not ensure that it is a member of an Audience element when an AudienceRestriction is specified, which allows remote attackers to log in to other users" accounts via a crafted SAML assertion. NOTE: this identifier has been SPLIT per ADT2 due to different vulnerability types. See CVE-2015-6254 for lack of validation for the Destination attribute in a Response element in a SAML assertion.  
Phase
Assigned (20141118)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
709512 77540 CVE-2015-0277 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1194832  View
709513 77540 CVE-2015-0277 CONFIRM:https://issues.jboss.org/browse/PLINK-678  View
709514 77540 CVE-2015-0277 REDHAT:RHSA-2015:0846  View
709515 77540 CVE-2015-0277 URL:http://rhn.redhat.com/errata/RHSA-2015-0846.html  View
709516 77540 CVE-2015-0277 REDHAT:RHSA-2015:0847  View
709517 77540 CVE-2015-0277 URL:http://rhn.redhat.com/errata/RHSA-2015-0847.html  View
709518 77540 CVE-2015-0277 REDHAT:RHSA-2015:0848  View
709519 77540 CVE-2015-0277 URL:http://rhn.redhat.com/errata/RHSA-2015-0848.html  View
709520 77540 CVE-2015-0277 REDHAT:RHSA-2015:0849  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
6008 JVNDB-2015-001328 Adobe Flash Player における任意のコードを実行される脆弱性 Adobe Flash Player には、任意のコードを実行される、またはサービス運用妨害 (メモリ破損) 状態にされる脆弱性が存在します。 CVE-2015-0329 77540 10 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-001328.html  View