漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
漏洞
N/A
漏洞信息
The (1) Service Provider (SP) and (2) Identity Provider (IdP) in PicketLink before 2.7.0 does not ensure that the Destination attribute in a Response element in a SAML assertion matches the location from which the message was received, which allows remote attackers to have unspecified impact via unknown vectors. NOTE: this identifier was SPLIT from CVE-2015-0277 per ADT2 due to different vulnerability types.
漏洞信息
N/A
漏洞
N/A
漏洞
Red Hat PicketLink Service Provider和Identity Provider 安全漏洞
漏洞信息
Red Hat PicketLink是美国红帽(Red Hat)公司的一套用于Java应用程序的统一身份管理框架。 Red Hat PicketLink 2.7.0之前版本的Service Provider(SP)和Identity Provider(IdP)中存在安全漏洞,该漏洞源于程序没有正确验证SAML断言的Response元素中的Destination属性。远程攻击者可利用该漏洞登录受影响用户的账户。
漏洞信息
N/A
漏洞
N/A