CVE-2018-6519

Published: 02/02/2018 Updated: 03/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The SAML2 library prior to 1.10.4, 2.x prior to 2.3.5, and 3.x prior to 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp.

Vulnerable Product

simplesamlphp saml2

debian debian linux 8.0

debian debian linux 9.0

Vendor Advisories

Debian Bug report logs - #889286 simplesamlphp: CVE-2017-18121 CVE-2017-18122
Package: simplesamlphp; Maintainer for simplesamlphp is Thijs Kinkhorst <thijs@debian.org>; Source for simplesamlphp is src:simplesamlphp. Reported by: Abhijith PA <abhijith@disroot.org> Date: Sat, 3 Feb 2018 10:57:03 ...

Several vulnerabilities have been discovered in SimpleSAMLphp, a framework for authentication, primarily via the SAML protocol.
CVE-2017-12867: Attackers with access to a secret token could extend its validity period by manipulating the prepended time offset.
CVE-2017-12869: When using the multiauth module, attackers can bypass authentic ...