A vulnerability was found in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 that allows an attacker to log out active sessions of other users. This issue is related to how ipsilon tracks sessions, and allows an unauthenticated attacker to view and terminate active sessions from other users. It is also called a "SAML2 multi-session vulnerability."
References
| Link | Resource |
|---|---|
| http://rhn.redhat.com/errata/RHSA-2016-2809.html | |
| http://www.securityfocus.com/bid/94439 | Third Party Advisory, VDB Entry |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8638 | Issue Tracking, Third Party Advisory |
| https://ipsilon-project.org/advisory/CVE-2016-8638.txt | Vendor Advisory |
| https://ipsilon-project.org/release/2.1.0.html | |
| https://pagure.io/ipsilon/c/511fa8b7001c2f9a42301aa1d4b85aaf170a461c | Patch, Vendor Advisory |
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2017-07-12T13:00:00
Updated: 2018-01-04T19:57:01
Reserved: 2016-10-12T00:00:00
Link: CVE-2016-8638
NVD Information
Status : Modified
Published: 2017-07-12T13:29:00.190
Modified: 2023-11-07T02:36:25.437
Link: CVE-2016-8638