CVE-2015-1796 - Vulnerability Details - OpenCVE

The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java (OpenSAML-J) before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity via a certificate issued by a shibmd:KeyAuthority trust anchor.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Jboss Amq Jboss Fuse
Shibboleth	Identity Provider Opensaml Java

Configuration 1 [-]

cpe:2.3:a:shibboleth:identity_provider:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:shibboleth:opensaml_java:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat JBoss A-MQ 6.2
	cpe:/a:redhat:jboss_amq:6.2.0	RHSA-2015:1177	2015-06-23T00:00:00Z
Red Hat JBoss Fuse 6.2
	cpe:/a:redhat:jboss_fuse:6.2.0	RHSA-2015:1176	2015-06-23T00:00:00Z

References

Link	Providers
http://rhn.redhat.com/errata/RHSA-2015-1176.html
http://rhn.redhat.com/errata/RHSA-2015-1177.html
http://shibboleth.net/community/advisories/secadv_20150225.txt
http://www.securityfocus.com/bid/75370
https://nvd.nist.gov/vuln/detail/CVE-2015-1796
https://shibboleth.net/community/advisories/secadv_20150225.txt
https://www.cve.org/CVERecord?id=CVE-2015-1796

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2015-07-08T15:00:00

Updated: 2024-08-06T04:54:16.257Z

Reserved: 2015-02-17T00:00:00

Link: CVE-2015-1796

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2015-07-08T15:59:02.897

Modified: 2025-04-12T10:46:40.837

Link: CVE-2015-1796

Redhat

Severity : Important

Publid Date: 2015-02-25T00:00:00Z

Links: CVE-2015-1796 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-02-25T00:00:00", "descriptions": [{"lang": "en", "value": "The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java (OpenSAML-J) before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity via a certificate issued by a shibmd:KeyAuthority trust anchor."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-28T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2015:1176", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1176.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://shibboleth.net/community/advisories/secadv_20150225.txt"}, {"name": "RHSA-2015:1177", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1177.html"}, {"name": "75370", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/75370"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-1796", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java (OpenSAML-J) before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity via a certificate issued by a shibmd:KeyAuthority trust anchor."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2015:1176", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1176.html"}, {"name": "https://shibboleth.net/community/advisories/secadv_20150225.txt", "refsource": "CONFIRM", "url": "https://shibboleth.net/community/advisories/secadv_20150225.txt"}, {"name": "RHSA-2015:1177", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1177.html"}, {"name": "75370", "refsource": "BID", "url": "http://www.securityfocus.com/bid/75370"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:54:16.257Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2015:1176", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1176.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://shibboleth.net/community/advisories/secadv_20150225.txt"}, {"name": "RHSA-2015:1177", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1177.html"}, {"name": "75370", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/75370"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-1796", "datePublished": "2015-07-08T15:00:00", "dateReserved": "2015-02-17T00:00:00", "dateUpdated": "2024-08-06T04:54:16.257Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:shibboleth:identity_provider:*:*:*:*:*:*:*:*", "matchCriteriaId": "55BF0DB9-3D2D-4211-A889-EEBF781B0FDB", "versionEndIncluding": "2.4.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:shibboleth:opensaml_java:*:*:*:*:*:*:*:*", "matchCriteriaId": "06CC5F7F-A65B-4779-84C5-3E2CFA5B56FE", "versionEndIncluding": "2.6.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java (OpenSAML-J) before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity via a certificate issued by a shibmd:KeyAuthority trust anchor."}, {"lang": "es", "value": "Los motores de confianza PKIX en Shibboleth Identity Provider anterior a 2.4.4 y OpenSAML Java (OpenSAML-J) anterior a 2.6.5 conf\u00edan en los certificados X.509 de candidatos cuando nombres no confiables est\u00e1n disponibles para el identificador de entidad, lo que permite a atacantes remotos suplantar una entidad a trav\u00e9s de un certificado emitido por una ancla de confianza shibmd:KeyAuthority."}], "id": "CVE-2015-1796", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-07-08T15:59:02.897", "references": [{"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-1176.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-1177.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/75370"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://shibboleth.net/community/advisories/secadv_20150225.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-1176.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-1177.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/75370"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://shibboleth.net/community/advisories/secadv_20150225.txt"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-254"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2015:1177", "cpe": "cpe:/a:redhat:jboss_amq:6.2.0", "product_name": "Red Hat JBoss A-MQ 6.2", "release_date": "2015-06-23T00:00:00Z"}, {"advisory": "RHSA-2015:1176", "cpe": "cpe:/a:redhat:jboss_fuse:6.2.0", "product_name": "Red Hat JBoss Fuse 6.2", "release_date": "2015-06-23T00:00:00Z"}], "bugzilla": {"description": "Java: PKIX Trust Engines Exhibit Critical Flaw In Trusted Names Evaluation", "id": "1196619", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1196619"}, "csaw": false, "cvss": {"cvss_base_score": "6.3", "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:C/I:N/A:N", "status": "verified"}, "details": ["The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java (OpenSAML-J) before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity via a certificate issued by a shibmd:KeyAuthority trust anchor.", "It was found that PKIX trust components allowed an X.509 credential to be trusted if no trusted names were available for the entityID. An attacker could use a certificate issued by a shibmd:KeyAuthority trust anchor to impersonate an entity within the scope of that keyAuthority."], "name": "CVE-2015-1796", "package_state": [{"cpe": "cpe:/a:redhat:jboss_data_grid:6", "fix_state": "Affected", "package_name": "opensaml-java", "product_name": "Red Hat JBoss Data Grid 6"}, {"cpe": "cpe:/a:redhat:jboss_data_virtualization:6", "fix_state": "Affected", "package_name": "opensaml", "product_name": "Red Hat JBoss Data Virtualization 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5", "fix_state": "Affected", "package_name": "opensaml", "product_name": "Red Hat JBoss Enterprise Application Platform 5"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Affected", "package_name": "opensaml", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Affected", "package_name": "fuse-6", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Affected", "package_name": "fuse-esb-7", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Affected", "package_name": "opensaml", "product_name": "Red Hat JBoss Fuse Service Works 6"}, {"cpe": "cpe:/a:redhat:jboss_operations_network:3", "fix_state": "Affected", "package_name": "opensaml", "product_name": "Red Hat JBoss Operations Network 3"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_portal_platform:5", "fix_state": "Affected", "package_name": "opensaml", "product_name": "Red Hat JBoss Portal 5"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_portal_platform:6", "fix_state": "Affected", "package_name": "opensaml", "product_name": "Red Hat JBoss Portal 6"}], "public_date": "2015-02-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-1796\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1796\nhttp://shibboleth.net/community/advisories/secadv_20150225.txt"], "threat_severity": "Important"}