CVE-2015-2684Improper Input Validation in Service Provider

CWE-20Improper Input Validation4 documents4 sources
Severity
4.0MEDIUMNVD
EPSS
0.5%
top 36.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Shibboleth Service ProviderDebian Linux
Timeline
PublishedMar 31
Latest updateMay 17

Description

Shibboleth Service Provider (SP) before 2.5.4 allows remote authenticated users to cause a denial of service (crash) via a crafted SAML message.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

Also affects: Debian Linux 7.0

🔴Vulnerability Details

3
GHSA
GHSA-44gq-2834-6749: Shibboleth Service Provider (SP) before 22022-05-17
OSV
CVE-2015-2684: Shibboleth Service Provider (SP) before 22015-03-31
CVEList
CVE-2015-2684: Shibboleth Service Provider (SP) before 22015-03-31
CVE-2015-2684 — Improper Input Validation | cvebase