CVEs (3)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Shibboleth 1Identity Provider Nov 21, 2024 Oct 28, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Shibboleth Identify Provider 3.x before 3.4.6 has a denial of service flaw. A remote unauthenticated attacker can cause a login flow to trigger Java heap exhaustion due to the creation of objects in the Java Servlet cont...Show more |
1Shibboleth 2Identity Provider Opensaml JavaNov 21, 2024 Apr 4, 2019 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4.1 and OpenSAML Java 2.6.2 do not verify that the server hostname matches a domain name in the subject's...Show more |
1Shibboleth 2Identity Provider Opensaml JavaMay 6, 2026 Jul 8, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java (OpenSAML-J) before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote...Show more |