Vulnerability Details : CVE-2015-5372
The SAML 2.0 implementation in AdNovum nevisAuth 4.13.0.0 before 4.18.3.1, when using SAML POST-Binding, does not match all attributes of the X.509 certificate embedded in the assertion against the certificate from the identity provider (IdP), which allows remote attackers to inject arbitrary SAML assertions via a crafted certificate.
Vulnerability category: Bypass, Gain privilege
Exploit prediction scoring system (EPSS) score for CVE-2015-5372
Probability of exploitation activity in the next 30 days: 0.55%
Percentile, the proportion of vulnerabilities that are scored at or less: ~74%
CVSS scores for CVE-2015-5372
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | NIST |
CWE ids for CVE-2015-5372
- When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-5372
- http://www.csnc.ch/misc/files/advisories/CVE-2015-5372_AdNovum_nevisAuth_Authentication_Bypass.txt
  404 Not Found
- http://www.securityfocus.com/archive/1/536508/100/0/threaded
  SecurityFocus
- http://packetstormsecurity.com/files/133628/nevisAuth-Authentication-Bypass.html
  nevisAuth Authentication Bypass ≈ Packet Storm
- http://seclists.org/fulldisclosure/2015/Sep/87
  Full Disclosure: CVE-2015-5372 SAML SP Authentication Bypass in nevisAuth
- http://blog.csnc.ch/2015/09/saml-sp-authentication-bypass-vulnerability-in-nevisauth
  SAML SP Authentication Bypass Vulnerability in nevisAuth – Compass Security Blog
Products affected by CVE-2015-5372
- cpe:2.3:a:adnovum:nevisauth:*:*:*:*:*:*:*:*