VYPR

Maven package

org.picketlink/picketlink-tomcat-common

pkg:maven/org.picketlink/picketlink-tomcat-common

Vulnerabilities (1)

  • CVE-2015-3158 (Aug 26, 2015)
    affected: < 2.7.1.Final; fixed: 2.7.1.Final

    The invokeNextValve function in identity/federation/bindings/tomcat/idp/AbstractIDPValve.java in PicketLink before 2.8.0.Beta1 does not properly check role based authorization, which allows remote authenticated users to gain access to restricted application resources via a (1) di