CVE-2015-9287
Last modified
CVE-2015-9287 is a vulnerability of currently unknown severity. Directory Traversal was discovered in University of Cambridge mod_ucam_webauth before 2.0.2. The key identification field ("kid") of the IdP's HTTP response message ("WLS-Response") can be manipulated by an attacker. EPSS estimates a 1.99% chance of exploitation in the next 30 days.
Description
Directory Traversal was discovered in University of Cambridge mod_ucam_webauth before 2.0.2. The key identification field ("kid") of the IdP's HTTP response message ("WLS-Response") can be manipulated by an attacker. The "kid" field is not signed like the rest of the message, and manipulation is therefore trivial. The "kid" field should only ever represent an integer. However, it is possible to provide any string value. An attacker could use this to their advantage to force the application agent to load the RSA public key required for message integrity checking from an unintended location.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cam | The University Of Cambridge Web Authentication System Apache Authentication Agent | < 2.0.2 |
References
- https://doi.org/10.1007/978-3-030-03251-7_1Permissions Required, Third Party Advisory
- https://github.com/grymer/CVEThird Party Advisory
- https://doi.org/10.1007/978-3-030-03251-7_1Permissions Required, Third Party Advisory
- https://github.com/grymer/CVEThird Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2015-9287?
How severe is CVE-2015-9287?
How do I fix CVE-2015-9287?
Are you affected by CVE-2015-9287?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST