Exploitation Summary
EIP tracks 2 public exploits for CVE-2015-6254. PoCs published by dawetmaster, andikahilmy.
AI-analyzed exploit summary This repository appears to be a fork or snapshot of the PicketLink project without any exploit code or technical analysis related to CVE-2015-6254. It contains standard project files, build instructions, and example code but no PoC or vulnerability details.
Description
The (1) Service Provider (SP) and (2) Identity Provider (IdP) in PicketLink before 2.7.0 does not ensure that the Destination attribute in a Response element in a SAML assertion matches the location from which the message was received, which allows remote attackers to have unspecified impact via unknown vectors. NOTE: this identifier was SPLIT from CVE-2015-0277 per ADT2 due to different vulnerability types.
Exploits (2)
This repository appears to be a fork or snapshot of the PicketLink project without any exploit code or technical analysis related to CVE-2015-6254. It contains standard project files, build instructions, and example code but no PoC or vulnerability details.
The repository contains source code for PicketLink, a security framework, but lacks any exploit code or technical analysis related to CVE-2015-6254. It appears to be a placeholder or incomplete repository.