Sign in Get started

← All advisories

Unrated severityNVD Advisory· Published Mar 31, 2015· Updated May 6, 2026

CVE-2015-2684

CVE-2015-2684

Description

Shibboleth Service Provider (SP) before 2.5.4 allows remote authenticated users to cause a denial of service (crash) via a crafted SAML message.

Affected products

2

Internet2/Service Provider
cpe:2.3:a:shibboleth:service_provider:*:*:*:*:*:*:*:*
Range: <=2.5.3
Debian/Debian Linux
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

shibboleth.net/community/advisories/secadv_20150319.txtnvdVendor Advisory
www.debian.org/security/2015/dsa-3207nvd
www.securityfocus.com/bid/73314nvd

News mentions

0

No linked articles in our index yet.