CVE-2017-12874
published 2017-09-01CVE-2017-12874: The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation…
high7.5CVSS 3.0
AVNACLPRNUINSUCNIHAN
The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | simplesamlphp | < simplesamlphp 1.14.11-1 (bookworm) | simplesamlphp 1.14.11-1 (bookworm) |
| simplesamlphp | infocard_module | — | — |
| simplesamlphp | simplesamlphp | >= 0 < 1.14.11-1 | 1.14.11-1 |
| simplesamlphp | simplesamlphp | >= 0 < 1.14.11-1 | 1.14.11-1 |
| simplesamlphp | simplesamlphp-module-infocard | >= 0 < 1.0.1 | 1.0.1 |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
osv7.5HIGH