VYPR
Moderate severityNVD Advisory· Published Jul 8, 2015· Updated Jun 17, 2026

CVE-2015-1796

CVE-2015-1796

Description

The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java (OpenSAML-J) before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity via a certificate issued by a shibmd:KeyAuthority trust anchor.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.opensaml:opensamlMaven
< 2.6.52.6.5
edu.internet2.middleware:shibboleth-identityproviderMaven
< 2.4.42.4.4

Affected products

4

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.