Debian Simplesamlphp vulnerabilities

CVE-2025-27773 [HIGH] CVE-2025-27773: simplesamlphp - The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality... The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to accept an unsigned message. Versions 4.17.0 and 5.0.0-alpha.20 conta

CVE-2024-52596 [HIGH] CVE-2024-52596: simplesamlphp - SimpleSAMLphp xml-common is a common classes for handling XML-structures. When l... SimpleSAMLphp xml-common is a common classes for handling XML-structures. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 1.19.0. Scope: local bookworm: resolved (fixed in 1.19.7-1+deb12u1) bullseye: resolved (fixed in 1.19.0-1+deb11u1) sid: resolved (fixed in 1.19.7-1+deb12

CVE-2024-52806 [HIGH] CVE-2024-52806: simplesamlphp - SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Wh... SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18. Scope: local bookworm: resolved (fixed in 1.19.7-1+deb12u1) bullseye: resolved (fixed in 1.19.0-1+deb11u1) sid: resolved (

CVE-2020-5226 [MEDIUM] CVE-2020-5226: simplesamlphp - Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/erroreport.... Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script allows error reports to be submitted and sent to the system administrator. Starting with SimpleSAMLphp 1.18.0, a new SimpleSAML\Utils\EMail class was introduced to handle sending emails, implemented as a wrapper of an external dependency. This new wrapper allows us to us

CVE-2020-5301 [LOW] CVE-2020-5301: simplesamlphp - SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerabi... SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. The module controller in `SimpleSAML\Module` that processes requests for pages hosted by modules, has code to identify paths ending with `.php` and process those as PHP code. If no other suitable way of handling the given path exists it presents the file to the browser. The chec

CVE-2020-5225 [MEDIUM] CVE-2020-5225: simplesamlphp - Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php scr... Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances, to inject new log lines by manually crafting this report ID. Whe

CVE-2019-3465 [HIGH] CVE-2019-3465: simplesamlphp - Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by Si... Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message. Scope: local bookworm: resolved (fixed in 1.17.6-2) bullseye: resolved (fixed in

CVE-2018-6521 [CRITICAL] CVE-2018-6521: simplesamlphp - The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 chars... The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions. Scope: local bookworm: resolved (fixed in 1.15.2-1) bullseye: resolved (fixed in 1.15.2-1) sid: resolved (fi

CVE-2018-7644 [HIGH] CVE-2018-7644: simplesamlphp - The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15... The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a remote attacker to construct a crafted SAML assertion on behalf of an Identity Provider that would pass as cryptographically valid, thereby allowing them to impersonate a user from that Identity Provider, aka a key con

CVE-2018-6519 [HIGH] CVE-2018-6519: simplesamlphp - The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in Simpl... The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp. Scope: local bookworm: resolved (fixed in 1.15.2-1) bullseye: resolved (fixed in 1.15.2-1) sid: resolved (fixed in 1.15.2-1)

CVE-2018-7711 [HIGH] CVE-2018-7711: simplesamlphp - HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an inco... HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation. This occurs because of a dependency on PHP functionality that interprets a -1 error code as a true boolean value

CVE-2018-6520 [MEDIUM] CVE-2018-6520: simplesamlphp - SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect p... SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism via crafted authority data in a URL. Scope: local bookworm: resolved (fixed in 1.15.2-1) bullseye: resolved (fixed in 1.15.2-1) sid: resolved (fixed in 1.15.2-1)

CVE-2017-12868 [CRITICAL] CVE-2017-12868: simplesamlphp - The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.1... The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR operation. Scope: local bookworm: resolved (fixed in 1.14.15-1) bullseye: resolved (

CVE-2017-12873 [CRITICAL] CVE-2017-12873: simplesamlphp - SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive in... SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured. Scope: local bookworm: resolved (fixed in 1.14.11-1) bullseye: resolved (fixed in 1.14.11-1) sid: resolv

CVE-2017-12874 [HIGH] CVE-2017-12874: simplesamlphp - The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages... The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities. Scope: local bookworm: resolved (fixed in 1.14.11-1) bullseye: resolved (fixed in 1.14.11-1) sid: resolved (fixed in 1.14.11-1)

CVE-2017-12869 [HIGH] CVE-2017-12869: simplesamlphp - The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attacker... The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via vectors related to improper validation of user input. Scope: local bookworm: resolved (fixed in 1.14.15-1) bullseye: resolved (fixed in 1.14.15-1) sid: resolved (f

CVE-2017-18122 [HIGH] CVE-2017-18122: simplesamlphp - A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14... A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid. Attributes contained in all the assertions received will be merged

CVE-2017-12872 [MEDIUM] CVE-2017-12872: simplesamlphp - The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAM... The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input. Scope: local bookworm: resolved (fixed in 1.14.15-1) bullseye: r

CVE-2017-12871 [MEDIUM] CVE-2017-12871: simplesamlphp - The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x... The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector (IV). Scope: local bookworm: resolved (fixed in 1.14.15-1) bullseye: resolved (fix

CVE-2017-12870 [MEDIUM] CVE-2017-12870: simplesamlphp - SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers... SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers. Scope: local bookworm: resolved (fixed in 1.14.15-1) bullseye: resolved (fixe