CVSSv3 8.8

CVE-2019-3465

Published: 07/11/2019 Updated: 07/11/2023
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 582
CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

Rob Richards' xmlseclibs, all versions prior to 3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages (CWE-347: Improper Verification of Cryptographic Signature). An authenticated malicious user could impersonate other users or elevate privileges by submitting a crafted XML message, such as a SAML response, to an application that relies on the library for signature checks. Upgrade xmlseclibs to 3.0.3 or later; the Debian, SimpleSAMLphp and Tenable advisories below give the fixed package versions, and bundled copies of the library (as in Tenable.sc) need updating as well.
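Worked example, added to this entry and not taken from xmlseclibs, SimpleSAMLphp or any vendor advisory: a PHP script that refuses to run with an xmlseclibs release older than 3.0.3 and then verifies a SAML message signature with the library's own XMLSecurityDSig API against a pinned IdP certificate, rejecting weak signature algorithms and trusting only the elements that a verified Reference actually covers. The Composer 2 autoloader, the certificate path idp-signing.crt and reading the message from stdin are assumptions made for the example; the specific validation flaw behind the CVE is not reproduced here because the entry does not describe it.

```php
<?php
// Added example for CVE-2019-3465; not code from xmlseclibs, SimpleSAMLphp
// or this entry. Assumed (not from the page): Composer 2 autoloading, the
// IdP signing certificate at IDP_CERT_PEM, and the SAML XML on stdin.
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php';

use Composer\InstalledVersions;
use RobRichards\XMLSecLibs\XMLSecurityDSig;
use RobRichards\XMLSecLibs\XMLSecurityKey;

const FIXED_VERSION = '3.0.3';                       // first xmlseclibs release with the fix
const IDP_CERT_PEM  = __DIR__ . '/idp-signing.crt';  // assumed path to the pinned certificate

function fail(string $why): void
{
    fwrite(STDERR, "reject: $why\n");
    exit(1);
}

// 1. Dependency gate: Composer 2 records installed versions, so the app can
//    refuse to start while the vulnerable library is still deployed.
//    getVersion() returns the normalised form, e.g. "3.0.2.0"; a "dev-*"
//    branch compares lower than any number and is therefore rejected too.
if (!InstalledVersions::isInstalled('robrichards/xmlseclibs')) {
    fail('robrichards/xmlseclibs is not installed');
}
$installed = (string) InstalledVersions::getVersion('robrichards/xmlseclibs');
if (version_compare($installed, FIXED_VERSION, '<')) {
    fail("xmlseclibs $installed is affected by CVE-2019-3465; upgrade to >= " . FIXED_VERSION);
}

// 2. Parse without network access and reject any DOCTYPE: a SAML message
//    never needs one, and accepting it invites XXE before the signature
//    check even runs.
$doc = new DOMDocument();
if (!$doc->loadXML(stream_get_contents(STDIN), LIBXML_NONET)) {
    fail('not well-formed XML');
}
foreach ($doc->childNodes as $node) {
    if ($node->nodeType === XML_DOCUMENT_TYPE_NODE) {
        fail('DOCTYPE is not allowed');
    }
}

// 3. Signature verification in the order xmlseclibs expects.
$dsig = new XMLSecurityDSig();
if ($dsig->locateSignature($doc) === null) {
    fail('no ds:Signature element');
}
$dsig->canonicalizeSignedInfo();
$dsig->idKeys = ['ID'];   // SAML 2.0 elements are referenced by their ID attribute

try {
    // Recomputes every <ds:Reference> digest; throws when any digest differs
    // or when SignedInfo carries no Reference at all.
    $dsig->validateReference();

    // locateKey() only reads the SignatureMethod algorithm from the message.
    // The key material comes from the pinned certificate, never from KeyInfo.
    $key = $dsig->locateKey();
    if ($key === null) {
        fail('unsupported or missing ds:SignatureMethod');
    }
    $strong = [XMLSecurityKey::RSA_SHA256, XMLSecurityKey::RSA_SHA384, XMLSecurityKey::RSA_SHA512];
    if (!in_array($key->type, $strong, true)) {
        fail('SignatureMethod ' . $key->type . ' is not accepted (SHA-1 or non-RSA)');
    }
    $key->loadKey(IDP_CERT_PEM, true, true);   // ($key, $isFile, $isCert)

    // 1 is openssl_verify()'s success value; 0 and -1 are failures.
    if ($dsig->verify($key) !== 1) {
        fail('SignatureValue does not verify under the pinned IdP key');
    }
} catch (Exception $e) {
    fail('signature validation error: ' . $e->getMessage());
}

// 4. Only elements covered by a verified Reference are trusted. Selecting the
//    Assertion by XPath over the whole document instead would let an attacker
//    append an unsigned Assertion next to the signed one.
$signed = $dsig->getValidatedNodes();
$samlNs = ['urn:oasis:names:tc:SAML:2.0:protocol', 'urn:oasis:names:tc:SAML:2.0:assertion'];
$trusted = array_filter($signed, fn (DOMNode $n) =>
    in_array($n->localName, ['Response', 'Assertion'], true)
    && in_array($n->namespaceURI, $samlNs, true));
if ($trusted === []) {
    fail('no signed Response or Assertion among the validated nodes');
}
echo 'OK: ', count($trusted), " signed SAML element(s) verified\n";
```

Run as `php verify.php < response.xml`. Pinning the key is the step that matters most: the <ds:KeyInfo> inside a SAML message is chosen by whoever built the message, so a verifier that loads it has only proved that the message is self-consistent, not that the IdP produced it.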

Vulnerable Products

xmlseclibs project: xmlseclibs
Debian: Debian Linux 8.0
Debian: Debian Linux 9.0
Debian: Debian Linux 10.0
SimpleSAMLphp: SimpleSAMLphp

Vendor Advisories

Debian (DSA-4560): It was discovered that in SimpleSAMLphp, an implementation of the SAML 2.0 protocol, it was possible to circumvent XML signature verification on SAML messages. For the oldstable distribution (stretch), this problem has been fixed in version 1.14.11-1+deb9u2. For the stable distribution (buster), this problem has been fixed in version 1.16.3-1+deb10 ...
Tenable (TNS-2019-09): Tenable.sc leverages third-party software to help provide underlying functionality. One of the third-party components (SimpleSAMLphp) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to provide a stand-alone patch to address the potent ...
Tenable: Tenable.sc leverages third-party software to help provide underlying functionality. Three separate third-party components (OpenSSL, Apache HTTP Server, SimpleSAMLphp) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bun ...

Github Repositories

Onelogin SAML2 Client

odinapi-onelogin: OneLogin SAML2 Client. OneLogin's SAML PHP Toolkit. Compatible with PHP 5.X & 7.X. Add SAML support to your PHP software using this library. Forget those complicated libraries and use this open source library provided and supported by OneLogin Inc. Warning: Version 3.4.0 introduces the 'rejectUnsolicitedResponsesWithInResponseTo' setting ...

OneLogin's SAML PHP Toolkit. Compatible with PHP 5.X & 7.X. Add SAML support to your PHP software using this library. Forget those complicated libraries and use this open source library provided and supported by OneLogin Inc. Warning: Version 3.4.0 introduces the 'rejectUnsolicitedResponsesWithInResponseTo' setting parameter, by default disabled, that wil ...

Simple SAML toolkit for PHP

SAML PHP Toolkit. Add SAML support to your PHP software using this library. The 3.X branch is compatible with PHP >= 7.1, so if you are using that PHP version, use it and not the 2.X or the master branch. Warning: Version 2.18.0 introduces the 'rejectUnsolicitedResponsesWithInResponseTo' setting parameter, by default disabled, that will allow invalidate unsol ...

OneLogin's SAML PHP Toolkit. Add SAML support to your PHP software using this library. Forget those complicated libraries and use this open source library provided and supported by OneLogin Inc. The 3.X branch is compatible with PHP >= 7.1, so if you are using that PHP version, use it and not the 2.X or the master branch. Warning: Version 2.18.0 introduces the ' ...

OneLogin's SAML PHP Toolkit. Compatible with PHP 5.X & 7.X. This package is SUSE's fork of the original package and contains custom changes. Add SAML support to your PHP software using this library. Forget those complicated libraries and use this open source library provided and supported by OneLogin Inc. Warning: Version 3.4.0 introduces the ' ...
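Added example for the php-saml warning quoted above (not code from the OneLogin toolkit or its README): the library's default 'security' settings next to a hardened block that turns 'rejectUnsolicitedResponsesWithInResponseTo' on, requires signed messages and assertions, and pins the IdP certificate that signatures are checked against. Setting names are those of php-saml 2.18.0 / 3.4.0 and later; the entity IDs, URLs, certificate body and session key are placeholders.

```php
<?php
// Added example; not from php-saml or its README. Setting names are
// php-saml's (2.18.0 / 3.4.0 and later); entity IDs, URLs and the
// certificate are placeholders to replace with real metadata.
use OneLogin\Saml2\Auth;   // 3.x namespace; 2.x uses OneLogin_Saml2_Auth

// Weak: what an SP effectively gets when the 'security' block is omitted.
// Neither messages nor assertions have to be signed, and a Response whose
// InResponseTo matches no AuthnRequest this SP issued is still processed.
$weakSecurity = [
    'wantMessagesSigned'                         => false,
    'wantAssertionsSigned'                       => false,
    'rejectUnsolicitedResponsesWithInResponseTo' => false,
];

// Hardened: every message and assertion must carry a signature that
// validates under the pinned IdP certificate, SHA-1 is not negotiated,
// and an unsolicited Response that claims an InResponseTo is rejected.
$hardenedSecurity = [
    'wantMessagesSigned'                         => true,
    'wantAssertionsSigned'                       => true,
    'wantXMLValidation'                          => true,
    'rejectUnsolicitedResponsesWithInResponseTo' => true,
    'signatureAlgorithm' => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
    'digestAlgorithm'    => 'http://www.w3.org/2001/04/xmlenc#sha256',
];

$settings = [
    'strict' => true,   // reject anything that deviates from the SAML 2.0 spec
    'sp' => [
        'entityId'                 => 'https://sp.example.test/metadata',        // placeholder
        'assertionConsumerService' => ['url' => 'https://sp.example.test/acs'],  // placeholder
    ],
    'idp' => [
        'entityId'            => 'https://idp.example.test/metadata',            // placeholder
        'singleSignOnService' => ['url' => 'https://idp.example.test/sso'],      // placeholder
        // Pinned IdP signing certificate (PEM body). Signatures are checked
        // against this, never against a certificate carried in the message.
        'x509cert' => 'MIIC...placeholder...',
    ],
    'security' => $hardenedSecurity,
];

session_start();
$auth = new Auth($settings);

if (isset($_GET['login'])) {
    // Remember the AuthnRequest ID so the ACS can tie the Response to it;
    // this is what rejectUnsolicitedResponsesWithInResponseTo compares against.
    $auth->login();                                   // redirects to the IdP
    $_SESSION['AuthNRequestID'] = $auth->getLastRequestID();
    exit;
}

// ACS endpoint: validate the Response against the stored request ID.
$auth->processResponse($_SESSION['AuthNRequestID'] ?? null);
unset($_SESSION['AuthNRequestID']);                   // one Response per request
if (!$auth->isAuthenticated()) {
    http_response_code(403);
    exit('SAML response rejected: ' . implode(', ', $auth->getErrors()));
}
```

The weak array is shown only for contrast; the hardened array is the one handed to Auth. Note that with 'strict' => true php-saml treats validation failures as errors rather than warnings, so isAuthenticated() is false for any Response that fails a signature or InResponseTo check.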

References

CWE-347
https://www.debian.org/security/2019/dsa-4560
https://github.com/robrichards/xmlseclibs/commit/0a53d3c3aa87564910cae4ed01416441d3ae0db5
https://seclists.org/bugtraq/2019/Nov/8
https://lists.debian.org/debian-lts-announce/2019/11/msg00003.html
https://simplesamlphp.org/security/201911-01
https://www.tenable.com/security/tns-2019-09
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AB34ILMJ67CUROBOR6YPKB46VHXLOAJ4/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAWOVYLZKYDCQBLQEJCFAAD3KQTBPHXE/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ESKJTWLE7QZBQ3EKMYXKMBQG3JDEJWM6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KID7C4AZPYYIZQIPSLANP4R2RQR6YK3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XBSSRV5Q7JFCYO46A3EN624UZ4KXFQ2M/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HBE2SJSXG7J4XYLJ2H6HC2VPPOG2OMUN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BNFMY5RRLU63P25HEBVDO5KAVI7TX7JV/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BBKVDUZ7G5ZOUO4BFJWLNJ6VOKBQJX5U/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCSR3V6LNWJAD37VQB6M2K7P4RQSCVFG/
https://nvd.nist.gov
https://github.com/parkbenchsolutions/odinapi-onelogin