CVE-2017-11427

Published: 17/04/2019 Updated: 09/10/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 672
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

OneLogin PythonSAML 2.3.0 and earlier versions may incorrectly use the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, potentially allowing the attacker to bypass authentication to SAML service providers.

Vulnerable Product

onelogin pythonsaml

Github Repositories

This is a fork of github.com/onelogin/python3-saml. See ansible/awx#13244 as to why we forked this repo. SAML Python Toolkit (compatible with Python3). Add SAML support to your Python software using this library. Forget those complicated libraries and use the open source library provided by the SAML tool community. This version supports Python3. Python 2

Vulnerable SAML infrastructure training application

Vulnerable SAML infrastructure. A high level getting started guide is below. If you would like a more detailed guide that covers the app, features, settings, and walkthroughs, please check out: Application Overview and Walkthrough. SAML Refresher: The purpose of these applications is to showcase how certain vulnerable configurations can be exploited to allow a user to change th

SAML Python Toolkit (compatible with Python3). Add SAML support to your Python software using this library. Forget those complicated libraries and use the open source library provided by the SAML tool community. This version supports Python3. Python 2 support was deprecated on Jan 1st, 2020: python-saml. Warning: Version 1.16.X is the latest version supporting Python2, consid

OneLogin's SAML Python Toolkit. Add SAML support to your Python software using this library. Forget those complicated libraries and use the open source library provided and supported by OneLogin Inc. This version supports Python2. There is a separate version that supports Python3: python3-saml. Warning: Version 2.7.0 sets strict mode active by default. Update python-saml

SAML Python Toolkit (compatible with Python3). Add SAML support to your Python software using this library. Forget those complicated libraries and use the open source library provided by the SAML tool community. This version supports Python3. Python 2 support was deprecated on Jan 1st, 2020: python-saml. Warning: Version 1.13.0 sets sha256 and rsa-sha256 as default algorithms. V

Packaging for python3-saml

SAML Python Toolkit (compatible with Python3). Add SAML support to your Python software using this library. Forget those complicated libraries and use the open source library provided by the SAML tool community. This version supports Python3. Python 2 support was deprecated on Jan 1st, 2020: python-saml. Warning: Version 1.16.X is the latest version supporting Python2, consid

The Demo for CVE-2017-11427

CVE-2017-11427-DEMO

Basic environment:
$ sudo apt-get install libxml2-dev libxslt1-dev
$ sudo apt-get install libxml2-dev libxmlsec1-dev libxmlsec1-openssl

DEMO:
$ git clone https://github.com/CHYbeta/CVE-2017-11427-DEMO.git
$ cd CVE-2017-11427-DEMO
$ source venv/bin/activate
$ cd vuln_saml
$ python index.py

Python SAML Toolkit

SAML Python Toolkit. Python 2 was deprecated on January 1, 2020. We recommend to migrate your project to Python 3 and use python3-saml. Add SAML support to your Python software using this library. Forget those complicated libraries and use the open source library. This version supports Python2. There is a separate version that supports
