Unrated severityNVD Advisory· Published Oct 28, 2020· Updated Aug 4, 2024
CVE-2020-27978
CVE-2020-27978
Description
Shibboleth Identify Provider 3.x before 3.4.6 has a denial of service flaw. A remote unauthenticated attacker can cause a login flow to trigger Java heap exhaustion due to the creation of objects in the Java Servlet container session.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Shibboleth/Identify Providerdescription
- Range: <3.4.6
Patches
Vulnerability mechanics
References
1- shibboleth.net/community/advisories/secadv_20191002.txtmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.