VYPR

mod_ucam_webauth

by Exim

CVEs (1)

  • CVE-2015-9287May 13, 2019
    risk 0.00cvss epss 0.02

    Directory Traversal was discovered in University of Cambridge mod_ucam_webauth before 2.0.2. The key identification field ("kid") of the IdP's HTTP response message ("WLS-Response") can be manipulated by an attacker. The "kid" field is not signed like the rest of the message,…