Published: 01/09/2017 Updated: 06/05/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

The InfoCard module 1.0 for SimpleSAMLphp allows malicious users to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities.

Vulnerable Product	Search on Vulmon	Subscribe to Product
simplesamlphp infocard module 1.0
debian debian linux 7.0
debian debian linux 8.0
debian debian linux 9.0

Debian Bug report logs - #889286 simplesamlphp: CVE-2017-18121 CVE-2017-18122 Package: simplesamlphp; Maintainer for simplesamlphp is Thijs Kinkhorst <thijs@debianorg>; Source for simplesamlphp is src:simplesamlphp (PTS, buildd, popcon) Reported by: Abhijith PA <abhijith@disrootorg> Date: Sat, 3 Feb 2018 10:57:03 ...

Several vulnerabilities have been discovered in SimpleSAMLphp, a framework for authentication, primarily via the SAML protocol CVE-2017-12867 Attackers with access to a secret token could extend its validity period by manipulating the prepended time offset CVE-2017-12869 When using the multiauth module, attackers can bypass authentic ...

CWE-20 https://simplesamlphp.org/security/201612-03 https://lists.debian.org/debian-lts-announce/2017/12/msg00007.html https://www.debian.org/security/2018/dsa-4127 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889286 https://nvd.nist.gov https://www.debian.org/security/./dsa-4127

CVE-2017-12874

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect