Ipsilon IdP Server Denial-of-Service Vulnerability (CVE-2015-5301)
Release date:
Updated on:
Affected Systems:
Ipsilon 1.1.x-1.1.1
Ipsilon 0.1.0-1.0.2
Description:
CVE (CAN) ID: CVE-2015-5301
Ipsilon is a server and toolkit used to configure Apache-based service providers.
In Ipsilon 0.1.0-1.0.2 and 1.1.x-1.1.1, providers/saml2/admin.py in the IdP server does not correctly check permissions. Remote attackers can exploit this vulnerability to cause a denial of service by deleting a SAML2 SP.
<* Source: vendor
*>
Suggestion:
Vendor patch:
Ipsilon
-------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
https://pagure.io/ipsilon/9dec97c3c83928d231ea10f4160523a13803e594
https://fedorahosted.org/ipsilon/wiki/Releases/v1.0.2
https://bugzilla.redhat.com/show_bug.cgi?id=1271530
https://fedorahosted.org/ipsilon/wiki/Releases/v1.1.1