Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The (1) Service Provider (SP) and (2) Identity Provider (IdP) in PicketLink before 2.7.0 does not ensure that the Destination attribute in a Response element in a SAML assertion matches the location from which the message was received, which allows remote attackers to have unspecified impact via unknown vectors. NOTE: this identifier was SPLIT from CVE-2015-0277 per ADT2 due to different vulnerability types.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Red Hat PicketLink Service Provider和Identity Provider 安全漏洞
Vulnerability Description
Red Hat PicketLink是美国红帽(Red Hat)公司的一套用于Java应用程序的统一身份管理框架。 Red Hat PicketLink 2.7.0之前版本的Service Provider(SP)和Identity Provider(IdP)中存在安全漏洞,该漏洞源于程序没有正确验证SAML断言的Response元素中的Destination属性。远程攻击者可利用该漏洞登录受影响用户的账户。
CVSS Information
N/A
Vulnerability Type
N/A