CVE-2015-1796 (Medium) detected in opensaml-2.6.1.jar #79
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-for-github-com
bot
added
the
security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2015-1796 - Medium Severity Vulnerability
The OpenSAML-J library provides tools to support developers working with the Security Assertion Markup Language (SAML).
Library home page: http://opensaml.org/
Path to dependency file: /tmp/ws-scm/opensphere-desktop/open-sphere-plugins/wps/pom.xml
Path to vulnerable library: /root/.m2/repository/org/opensaml/opensaml/2.6.1/opensaml-2.6.1.jar,/root/.m2/repository/org/opensaml/opensaml/2.6.1/opensaml-2.6.1.jar,/root/.m2/repository/org/opensaml/opensaml/2.6.1/opensaml-2.6.1.jar,/root/.m2/repository/org/opensaml/opensaml/2.6.1/opensaml-2.6.1.jar,/root/.m2/repository/org/opensaml/opensaml/2.6.1/opensaml-2.6.1.jar,/root/.m2/repository/org/opensaml/opensaml/2.6.1/opensaml-2.6.1.jar,/root/.m2/repository/org/opensaml/opensaml/2.6.1/opensaml-2.6.1.jar,/root/.m2/repository/org/opensaml/opensaml/2.6.1/opensaml-2.6.1.jar,/root/.m2/repository/org/opensaml/opensaml/2.6.1/opensaml-2.6.1.jar,/root/.m2/repository/org/opensaml/opensaml/2.6.1/opensaml-2.6.1.jar,/root/.m2/repository/org/opensaml/opensaml/2.6.1/opensaml-2.6.1.jar,/root/.m2/repository/org/opensaml/opensaml/2.6.1/opensaml-2.6.1.jar,/root/.m2/repository/org/opensaml/opensaml/2.6.1/opensaml-2.6.1.jar,/root/.m2/repository/org/opensaml/opensaml/2.6.1/opensaml-2.6.1.jar,/root/.m2/repository/org/opensaml/opensaml/2.6.1/opensaml-2.6.1.jar,/root/.m2/repository/org/opensaml/opensaml/2.6.1/opensaml-2.6.1.jar,/root/.m2/repository/org/opensaml/opensaml/2.6.1/opensaml-2.6.1.jar,/root/.m2/repository/org/opensaml/opensaml/2.6.1/opensaml-2.6.1.jar,/root/.m2/repository/org/opensaml/opensaml/2.6.1/opensaml-2.6.1.jar,/root/.m2/repository/org/opensaml/opensaml/2.6.1/opensaml-2.6.1.jar,/root/.m2/repository/org/opensaml/opensaml/2.6.1/opensaml-2.6.1.jar,/root/.m2/repository/org/opensaml/opensaml/2.6.1/opensaml-2.6.1.jar,/root/.m2/repository/org/opensaml/opensaml/2.6.1/opensaml-2.6.1.jar,/root/.m2/repository/org/opensaml/opensaml/2.6.1/opensaml-2.6.1.jar,/root/.m2/repository/org/opensaml/opensaml/2.6.1/opensaml-2.6.1.jar,/root/.m2/repository/org/opensaml/opensaml/2.6.1/opensaml-2.6.1.jar,/root/.m2/repository/org/opensaml/opensaml/2.6.1/opensaml-2.6.1.jar,/root/.m2/repository/org/opensaml/opensaml/2.6.1/opensaml-2.6.1.jar,/root/.m2/repository/org/opensaml/opensaml/2.6.1/opensaml-2.6.1.jar,/root/.m2/repository/org/opensaml/opensaml/2.6.1/opensaml-2.6.1.jar,/root/.m2/repository/org/opensaml/opensaml/2.6.1/opensaml-2.6.1.jar,/root/.m2/repository/org/opensaml/opensaml/2.6.1/opensaml-2.6.1.jar,/root/.m2/repository/org/opensaml/opensaml/2.6.1/opensaml-2.6.1.jar,/root/.m2/repository/org/opensaml/opensaml/2.6.1/opensaml-2.6.1.jar,/root/.m2/repository/org/opensaml/opensaml/2.6.1/opensaml-2.6.1.jar,/root/.m2/repository/org/opensaml/opensaml/2.6.1/opensaml-2.6.1.jar,/root/.m2/repository/org/opensaml/opensaml/2.6.1/opensaml-2.6.1.jar,/root/.m2/repository/org/opensaml/opensaml/2.6.1/opensaml-2.6.1.jar,/root/.m2/repository/org/opensaml/opensaml/2.6.1/opensaml-2.6.1.jar
Dependency Hierarchy:
The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java (OpenSAML-J) before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity via a certificate issued by a shibmd:KeyAuthority trust anchor.
Publish Date: 2015-07-08
URL: CVE-2015-1796
Base Score Metrics not available
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1796
Release Date: 2015-07-08
Fix Resolution: 2.6.5
The text was updated successfully, but these errors were encountered: