1974359 – (CVE-2015-6254) CVE-2015-6254 PicketLink: Lack of validation for the Destination attribute in a Response element in a SAML assertion

Bug 1974359 (CVE-2015-6254) - CVE-2015-6254 PicketLink: Lack of validation for the Destination attribute in a Response element in a SAML assertion

Summary: CVE-2015-6254 PicketLink: Lack of validation for the Destination attribute in...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2015-6254
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1916825
TreeView+	depends on / blocked

Reported:	2021-06-21 13:19 UTC by Ted Jongseok Won
Modified:	2021-06-21 14:12 UTC (History)
CC List:	31 users (show)
Fixed In Version:	PicketLink 2.7.0
Clone Of:
Environment:
Last Closed:	2021-06-21 14:12:29 UTC
Embargoed:

Attachments	(Terms of Use)

Description Ted Jongseok Won 2021-06-21 13:19:57 UTC

In case a PicketLink SP is accessed with assertion with a Destination attribute in the Response element, and the Destination attribute is set to any URI, SP never discards the response. However according to SAML2 specification, If it is present, the actual recipient MUST check that the URI reference identifies the location at which the message was received. If it does not, the response MUST be discarded.

Note You need to log in before you can comment on or make changes to this bug.

asoldano
atangrin
bbaranow
bmaxwell
brian.stansberry
cdewolf
chazlett
darran.lofthouse
dkreling
dosoudil
eleandro
fjuma
iweiss
jochrist
jpallich
jperkins
jwon
krathod
kwills
lgao
msochure
msvehla
nwallace
pjindal
pmackay
rguimara
rstancel
rsvoboda
smaestri
tom.jenkinson
yborgess