Trust Engine Vulnerability in Shibboleth Identity Provider and OpenSAML Java
CVE-2015-1796

Currently unrated

Key Information:

Vendor

Shibboleth

Status
Identity Provider
Vendor
CVE Published:
8 July 2015

What is CVE-2015-1796?

The vulnerability in the PKIX trust engines of Shibboleth Identity Provider and OpenSAML Java occurs when candidate X.509 credentials are trusted without any trusted names for the entityID. This flaw allows remote attackers to impersonate legitimate entities by using certificates issued by a shibmd:KeyAuthority trust anchor, potentially compromising the security and integrity of the system.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://rhn.redhat.com/errata/RHSA-2015-1176.html
vendor-advisoryx_refsource_REDHAT
https://shibboleth.net/community/advisories/secadv_201502...
x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2015-1177.html
vendor-advisoryx_refsource_REDHAT

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.