Title:Red Hat PicketLink Service Provider和Identity Provider 安全漏洞 (CVE-2015-6254) Description:Red Hat PicketLink是美国红帽(Red Hat)公司的一套用于Java应用程序的统一身份管理框架。 Red Hat PicketLink 2.7.0之前版本的Service Provider(SP)和Identity Provider(IdP)中存在安全漏洞,该漏洞源于程序没有正确验证SAML断言的Response元素中的Destination属性。远程攻击者可利用该漏洞登录受影响用户的账户。
File Snapshot
None
Shenlong Bot has cached this for you
Remarks
1. It is advised to access via the original source first.2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.