The validateSignature method in the SAML2\Utils class in SimpleSAMLphp prior to 1.14.10 and simplesamlphp/saml2 library prior to 1.9.1, 1.10.x prior to 1.10.3, and 2.x prior to 2.3.3 allows remote malicious users to spoof SAML responses or possibly cause a denial of service (memory consumption) by leveraging improper conversion of return values to boolean.
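The bug class named in the description, improper conversion of a return value to boolean, is sketched below as an added example; it is not SimpleSAMLphp or saml2 library code, and the page does not show the affected source. The function names are hypothetical, and the tri-state result (1 valid, 0 invalid, -1 error) is an assumption modeled on the convention of PHP's `openssl_verify()`.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for a signature primitive with a tri-state result
// (assumed convention): 1 = valid, 0 = invalid, -1 = internal error.
function verifyTriState(string $case): int
{
    $results = ['valid' => 1, 'invalid' => 0, 'error' => -1]; // constructed cases
    return $results[$case];
}

// Flawed pattern: the integer is converted to boolean, and (bool) -1 is true,
// so an internal error is indistinguishable from a good signature.
function acceptLoose(string $case): bool
{
    if (!verifyTriState($case)) {
        return false;
    }
    return true;
}

// Hardened pattern: only the exact success value is accepted, and an error
// is surfaced as an exception instead of being turned into a verdict.
function acceptStrict(string $case): bool
{
    $result = verifyTriState($case);
    if ($result === 1) {
        return true;
    }
    if ($result === 0) {
        return false;
    }
    throw new RuntimeException('signature verification ended in an error');
}

// Compare both checks over the three constructed outcomes.
foreach (['valid', 'invalid', 'error'] as $case) {
    $loose = acceptLoose($case) ? 'accept' : 'reject';
    try {
        $strict = acceptStrict($case) ? 'accept' : 'reject';
    } catch (RuntimeException $e) {
        $strict = 'error raised';
    }
    printf("%-8s loose=%-7s strict=%s\n", $case, $loose, $strict);
}
```

When reviewing code that consumes a verification result, look for `!`, `if ($result)` or `==` applied to a value that can be negative, and replace it with a strict comparison against the documented success value.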
Vulnerable Product |
---|
simplesamlphp simplesamlphp 1.10 |
simplesamlphp simplesamlphp |
simplesamlphp saml2 2.0.0 |
simplesamlphp saml2 2.0.1 |
simplesamlphp saml2 1.10.1 |
simplesamlphp saml2 1.10.2 |
simplesamlphp saml2 2.3.2 |
simplesamlphp saml2 1.10 |
simplesamlphp saml2 2.3 |
simplesamlphp saml2 2.3.1 |
simplesamlphp saml2 2.1 |
simplesamlphp saml2 2.2 |
simplesamlphp saml2 |