注册 登录  
 加关注
   显示下一条  |  关闭
温馨提示!由于新浪微博认证机制调整,您的新浪微博帐号绑定已过期,请重新绑定!立即重新绑定新浪微博》  |  关闭

白帽子安全漏洞

IT 计算机网络信息安全 漏洞分享 Information Security

 
 
 

日志

 
 
 
 

CVE-2014-8489 Ping Identity Corporation “PingFederate 6.10.1 SP Endpoints” Dest Redirect Privilege Escalation Security Vulnerability  

2014-12-29 21:40:00|  分类: 计算机安全 |  标签: |举报 |字号 订阅

  下载LOFTER 我的照片书  |
CVE-2014-8489 Ping Identity Corporation “PingFederate 6.10.1 SP Endpoints” Dest Redirect Privilege Escalation Security Vulnerability
 
 

 

 
Exploit Title: “Ping Identity Corporation” “PingFederate 6.10.1 SP Endpoints” Dest Redirect Privilege Escalation Security Vulnerability
Product: PingFederate 6.10.1 SP Endpoints
Vendor: Ping Identity Corporation
Vulnerable Versions: 6.10.1
Tested Version: 6.10.1
Advisory Publication: Dec 09, 2014
Latest Update: Dec 09, 2014
Vulnerability Type: URL Redirection to Untrusted Site  [CWE-601]
CVE Reference: CVE-2014-8489
CVSS v2 Base Score: 6.4 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:P/A:N) (legend)
Impact Subscore: 4.9
Exploitability Subscore: 10.0
Credit: Wang Jing [SPMS, Nanyang Technological University (NTU), Singapore]
 
 
 
 
 

 

 
Advisory Details
 

 

(1) Product:
“PingFederate is a best-of-breed Internet-identity security platform that implements multiple standards-based protocols to provide cross-domain single sign-on (SSO) and user-attribute exchange, as well as support for identity-enabled Web Services and cross-domain user provisioning.”
 
 

 

(2) Vulnerability Details:
PingFederate 6.10.1 SP Endpoints is vulnerable to Dest Redirect Privilege Escalation attacks.
 
The security vulnerability occurs at “/startSSO.ping?” page with “&TargetResource” parameter.
 
 
 
 
 
 



 

 
References:


  评论这张
 
阅读(74)| 评论(0)
推荐 转载

历史上的今天

在LOFTER的更多文章

评论

<#--最新日志,群博日志--> <#--推荐日志--> <#--引用记录--> <#--博主推荐--> <#--随机阅读--> <#--首页推荐--> <#--历史上的今天--> <#--被推荐日志--> <#--上一篇,下一篇--> <#-- 热度 --> <#-- 网易新闻广告 --> <#--右边模块结构--> <#--评论模块结构--> <#--引用模块结构--> <#--博主发起的投票-->
 
 
 
 
 
 
 
 
 
 
 
 
 
 

页脚

网易公司版权所有 ©1997-2017