Vulnerability CVE-2016-8638


Published: 2017-07-12

Description:
Ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 track user sessions in a way that lets an unauthenticated attacker view the active sessions of other users and terminate them, logging those users out. The issue stems from how Ipsilon tracks sessions and is also referred to as the "SAML2 multi-session vulnerability."
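The description above is all the page records about the mechanism. As an added illustration (not Ipsilon's code and not its actual fix), the constructed Python model below shows the class of flaw described: a session-management endpoint that selects the target session from request parameters and never binds the action to the caller's own authenticated session, set beside a hardened form that resolves the caller from its cookie and only acts on sessions belonging to that principal. All names (SessionStore, VulnerableLogout, HardenedLogout, the alice/bob accounts) are assumptions for the example.

```python
# Constructed model of the flaw class described above: an IdP logout endpoint
# that resolves the target session from request parameters rather than from the
# caller's own authenticated session.  Illustration only, not Ipsilon's code.
import secrets


class SessionStore:
    """In-memory map of session id -> username (constructed sample data)."""

    def __init__(self) -> None:
        self.sessions: dict[str, str] = {}

    def login(self, user: str) -> str:
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = user
        return sid

    def active_users(self) -> set[str]:
        return set(self.sessions.values())


class VulnerableLogout:
    """Trusts a caller-supplied session id and never checks who is asking."""

    def __init__(self, store: SessionStore) -> None:
        self.store = store

    def list_sessions(self, request: dict) -> list[dict]:
        # Every active session is exposed to anyone, including unauthenticated callers.
        return [{"id": sid, "user": u} for sid, u in self.store.sessions.items()]

    def logout(self, request: dict) -> bool:
        # 'session_id' comes straight from the request, so any listed session can be killed.
        return self.store.sessions.pop(request.get("session_id"), None) is not None


class HardenedLogout:
    """Resolves the caller from its own cookie; acts only on that principal's sessions."""

    def __init__(self, store: SessionStore) -> None:
        self.store = store

    def _caller(self, request: dict) -> tuple[str, str]:
        sid = request.get("cookie")
        user = self.store.sessions.get(sid)
        if user is None:
            raise PermissionError("unauthenticated request")
        return sid, user

    def list_sessions(self, request: dict) -> list[dict]:
        _, user = self._caller(request)
        return [{"id": sid, "user": u} for sid, u in self.store.sessions.items() if u == user]

    def logout(self, request: dict) -> bool:
        caller_sid, user = self._caller(request)
        # Default to the caller's own session.  An explicit target is allowed only when it
        # belongs to the same user (one user may hold several sessions, e.g. via several SPs).
        target = request.get("session_id", caller_sid)
        if self.store.sessions.get(target) != user:
            raise PermissionError("target session belongs to another principal")
        del self.store.sessions[target]
        return True


def attack(handler_cls) -> dict:
    """Unauthenticated attacker enumerates sessions and tries to log out the victim 'alice'."""
    store = SessionStore()
    store.login("alice")  # victim (constructed)
    store.login("bob")
    handler = handler_cls(store)
    try:
        visible = handler.list_sessions({})  # request carries no cookie at all
        for s in visible:
            if s["user"] == "alice":
                handler.logout({"session_id": s["id"]})
    except PermissionError:
        visible = []
    return {"sessions_visible": len(visible),
            "victim_logged_out": "alice" not in store.active_users()}


if __name__ == "__main__":
    print("vulnerable:", attack(VulnerableLogout))
    print("hardened:  ", attack(HardenedLogout))
```

Against the vulnerable handler the anonymous caller sees both sessions and logs alice out; against the hardened handler the same requests are refused before any session is read or removed, while a logged-in user can still end any of their own sessions.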

Type: CWE-384 (Session Fixation)

Vendor: Ipsilon project
Product: Ipsilon 
Version:
2.0.1
2.0.0
1.2.0
1.1.1
1.1.0
1.0.2
1.0.1
1.0.0

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:P)

CVSS Base Score:         6.4/10
Impact Subscore:         4.9/10
Exploitability Subscore: 10/10

Exploit range:           Remote
Attack complexity:       Low
Authentication:          Not required

Confidentiality impact:  Partial
Integrity impact:        None
Availability impact:     Partial

References:
http://rhn.redhat.com/errata/RHSA-2016-2809.html
http://www.securityfocus.com/bid/94439
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8638
https://ipsilon-project.org/advisory/CVE-2016-8638.txt
https://ipsilon-project.org/release/2.1.0.html
https://pagure.io/ipsilon/c/511fa8b7001c2f9a42301aa1d4b85aaf170a461c

Copyright 2018, cxsecurity.com
