Vulnerability-Lookup

CNVD-2015-06501

Vulnerability from cnvd - Published: 2015-10-15

Title

AdNovum nevisAuth SAML证书匹配漏洞

Description

AdNovum nevisAuth是一套用户系统身份验证和访问管理解决方案。 AdNovum nevisAuth未能正确匹配X.509证书和IdP的证书，允许远程攻击者可提交特制的证书注入任意SAML断言。

Severity

中

Patch Name

AdNovum nevisAuth SAML证书匹配漏洞的补丁

Patch Description

AdNovum nevisAuth是一套用户系统身份验证和访问管理解决方案。AdNovum nevisAuth未能正确匹配X.509证书和IdP的证书，允许远程攻击者可提交特制的证书注入任意SAML断言。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： http://www.csnc.ch/misc/files/advisories/CVE-2015-5372_AdNovum_nevisAuth_Authentication_Bypass.txt

Reference

http://packetstormsecurity.com/files/133628/nevisAuth-Authentication-Bypass.html

Impacted products

Name
AdNovum nevisAuth 4.13.0.0(<4.18.3.1)

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-5372"
    }
  },
  "description": "AdNovum nevisAuth\u662f\u4e00\u5957\u7528\u6237\u7cfb\u7edf\u8eab\u4efd\u9a8c\u8bc1\u548c\u8bbf\u95ee\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nAdNovum nevisAuth\u672a\u80fd\u6b63\u786e\u5339\u914dX.509\u8bc1\u4e66\u548cIdP\u7684\u8bc1\u4e66\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u63d0\u4ea4\u7279\u5236\u7684\u8bc1\u4e66\u6ce8\u5165\u4efb\u610fSAML\u65ad\u8a00\u3002",
  "discovererName": "Antoine Neuenschwander (antoine.neuenschwander@csnc.ch)",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://www.csnc.ch/misc/files/advisories/CVE-2015-5372_AdNovum_nevisAuth_Authentication_Bypass.txt",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-06501",
  "openTime": "2015-10-15",
  "patchDescription": "AdNovum nevisAuth\u662f\u4e00\u5957\u7528\u6237\u7cfb\u7edf\u8eab\u4efd\u9a8c\u8bc1\u548c\u8bbf\u95ee\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002AdNovum nevisAuth\u672a\u80fd\u6b63\u786e\u5339\u914dX.509\u8bc1\u4e66\u548cIdP\u7684\u8bc1\u4e66\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u63d0\u4ea4\u7279\u5236\u7684\u8bc1\u4e66\u6ce8\u5165\u4efb\u610fSAML\u65ad\u8a00\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "AdNovum nevisAuth SAML\u8bc1\u4e66\u5339\u914d\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "AdNovum nevisAuth 4.13.0.0(\u003c4.18.3.1)"
  },
  "referenceLink": "http://packetstormsecurity.com/files/133628/nevisAuth-Authentication-Bypass.html",
  "serverity": "\u4e2d",
  "submitTime": "2015-10-03",
  "title": "AdNovum nevisAuth SAML\u8bc1\u4e66\u5339\u914d\u6f0f\u6d1e"
}

CVE-2015-5372 (GCVE-0-2015-5372)

Vulnerability from cvelistv5 – Published: 2015-09-28 16:00 – Updated: 2024-08-06 06:41

Summary

The SAML 2.0 implementation in AdNovum nevisAuth 4.13.0.0 before 4.18.3.1, when using SAML POST-Binding, does not match all attributes of the X.509 certificate embedded in the assertion against the certificate from the identity provider (IdP), which allows remote attackers to inject arbitrary SAML assertions via a crafted certificate.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://packetstormsecurity.com/files/133628/nevis…	x_refsource_MISC
	http://seclists.org/fulldisclosure/2015/Sep/87	mailing-listx_refsource_FULLDISC
	http://www.csnc.ch/misc/files/advisories/CVE-2015…	x_refsource_MISC
	http://www.securityfocus.com/archive/1/536508/100…	mailing-listx_refsource_BUGTRAQ
	http://blog.csnc.ch/2015/09/saml-sp-authenticatio…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:41:09.459Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/133628/nevisAuth-Authentication-Bypass.html"
          },
          {
            "name": "20150923 CVE-2015-5372 SAML SP Authentication Bypass in nevisAuth",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2015/Sep/87"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.csnc.ch/misc/files/advisories/CVE-2015-5372_AdNovum_nevisAuth_Authentication_Bypass.txt"
          },
          {
            "name": "20150921 CVE-2015-5372 SAML SP Authentication Bypass in nevisAuth",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/536508/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blog.csnc.ch/2015/09/saml-sp-authentication-bypass-vulnerability-in-nevisauth"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-09-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The SAML 2.0 implementation in AdNovum nevisAuth 4.13.0.0 before 4.18.3.1, when using SAML POST-Binding, does not match all attributes of the X.509 certificate embedded in the assertion against the certificate from the identity provider (IdP), which allows remote attackers to inject arbitrary SAML assertions via a crafted certificate."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/133628/nevisAuth-Authentication-Bypass.html"
        },
        {
          "name": "20150923 CVE-2015-5372 SAML SP Authentication Bypass in nevisAuth",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2015/Sep/87"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.csnc.ch/misc/files/advisories/CVE-2015-5372_AdNovum_nevisAuth_Authentication_Bypass.txt"
        },
        {
          "name": "20150921 CVE-2015-5372 SAML SP Authentication Bypass in nevisAuth",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/536508/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blog.csnc.ch/2015/09/saml-sp-authentication-bypass-vulnerability-in-nevisauth"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-5372",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The SAML 2.0 implementation in AdNovum nevisAuth 4.13.0.0 before 4.18.3.1, when using SAML POST-Binding, does not match all attributes of the X.509 certificate embedded in the assertion against the certificate from the identity provider (IdP), which allows remote attackers to inject arbitrary SAML assertions via a crafted certificate."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.com/files/133628/nevisAuth-Authentication-Bypass.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/133628/nevisAuth-Authentication-Bypass.html"
            },
            {
              "name": "20150923 CVE-2015-5372 SAML SP Authentication Bypass in nevisAuth",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2015/Sep/87"
            },
            {
              "name": "http://www.csnc.ch/misc/files/advisories/CVE-2015-5372_AdNovum_nevisAuth_Authentication_Bypass.txt",
              "refsource": "MISC",
              "url": "http://www.csnc.ch/misc/files/advisories/CVE-2015-5372_AdNovum_nevisAuth_Authentication_Bypass.txt"
            },
            {
              "name": "20150921 CVE-2015-5372 SAML SP Authentication Bypass in nevisAuth",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/536508/100/0/threaded"
            },
            {
              "name": "http://blog.csnc.ch/2015/09/saml-sp-authentication-bypass-vulnerability-in-nevisauth",
              "refsource": "MISC",
              "url": "http://blog.csnc.ch/2015/09/saml-sp-authentication-bypass-vulnerability-in-nevisauth"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-5372",
    "datePublished": "2015-09-28T16:00:00",
    "dateReserved": "2015-07-06T00:00:00",
    "dateUpdated": "2024-08-06T06:41:09.459Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2015-06501

CVE-2015-5372 (GCVE-0-2015-5372)

Tags

Sightings

Nomenclature