漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
漏洞
N/A
漏洞信息
The Service Provider (SP) in PicketLink before 2.7.0 does not ensure that it is a member of an Audience element when an AudienceRestriction is specified, which allows remote attackers to log in to other users' accounts via a crafted SAML assertion. NOTE: this identifier has been SPLIT per ADT2 due to different vulnerability types. See CVE-2015-6254 for lack of validation for the Destination attribute in a Response element in a SAML assertion.
漏洞信息
N/A
漏洞
N/A
漏洞
PicketLink 访问控制错误漏洞
漏洞信息
Red Hat Picketlink是美国红帽(Red Hat)公司的一个针对Java应用进行安全和身份认证管理的项目。 Red Hat PicketLink 2.7.0之前版本存在访问控制错误漏洞。攻击者利用该漏洞通过特制的SAML断言登录其他用户的帐户。
漏洞信息
N/A
漏洞
N/A