Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-4560-1:7FC5C
HistoryNov 06, 2019 - 1:42 p.m.

[SECURITY] [DSA 4560-1] simplesamlphp security update

2019-11-0613:42:57
lists.debian.org
32

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

61.1%

JSON

Debian Security Advisory DSA-4560-1 [email protected]
https://www.debian.org/security/ Thijs Kinkhorst
November 06, 2019 https://www.debian.org/security/faq

Package : simplesamlphp
CVE ID : CVE-2019-3465
Debian Bug : 944107

It was discovered that in SimpleSAMLphp, an implementation of the
SAML 2.0 protocol, it was possible to circumvent XML signature
verification on SAML messages.

For the oldstable distribution (stretch), this problem has been fixed
in version 1.14.11-1+deb9u2.

For the stable distribution (buster), this problem has been fixed in
version 1.16.3-1+deb10u1.

We recommend that you upgrade your simplesamlphp packages.

For the detailed security status of simplesamlphp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/simplesamlphp

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

Related

fedora 9
nessus 11
osv 4
openvas 11
github 1
debian 1
duo 2
prion 1
veracode 1
cve 1
debiancve 1
ubuntucve 1
fedora
fedora
[SECURITY] Fedora 31 Update: php-robrichards-xmlseclibs-2.1.1-1.fc31
2019-11-15 03:03:02
[SECURITY] Fedora 29 Update: php-robrichards-xmlseclibs-2.1.1-1.fc29
2019-11-15 03:21:01
[SECURITY] Fedora 31 Update: php-robrichards-xmlseclibs1-1.4.3-1.fc31
2020-04-13 17:26:12
nessus
nessus
Tenable SecurityCenter 5.9.x to 5.12.x SimpleSAMLPHP Privilege Escalation (TNS-2020-01)
2021-03-19 00:00:00
Fedora 29 : php-robrichards-xmlseclibs (2019-81f61cdceb)
2019-11-15 00:00:00
Fedora 31 : php-robrichards-xmlseclibs3 (2019-9a960c8a98)
2019-11-15 00:00:00
osv
osv
simplesamlphp - security update
2019-11-06 00:00:00
CVE-2019-3465
2019-11-07 20:15:11
Signature validation bypass in XmlSecLibs
2019-11-08 20:06:46
openvas
openvas
Fedora: Security Advisory for php-robrichards-xmlseclibs1 (FEDORA-2020-46d0f456a9)
2020-04-14 00:00:00
Fedora Update for php-robrichards-xmlseclibs3 FEDORA-2019-9a960c8a98
2020-01-09 00:00:00
Fedora Update for php-robrichards-xmlseclibs3 FEDORA-2019-be01267416
2019-11-17 00:00:00
github
github
Signature validation bypass in XmlSecLibs
2019-11-08 20:06:46
debian
debian
[SECURITY] [DLA 1983-1] simplesamlphp security update
2019-11-06 13:53:27
duo
duo
DUO-PSA-2019-002: Duo Product Security Advisory
1976-01-01 00:00:00
DUO-PSA-2019-002: Duo Product Security Advisory
1976-01-01 00:00:00
prion
prion
Input validation
2019-11-07 20:15:00
veracode
veracode
Signature Verification Bypass
2019-11-07 02:25:30
cve
cve
CVE-2019-3465
2019-11-07 20:15:00
debiancve
debiancve
CVE-2019-3465
2019-11-07 20:15:00
ubuntucve
ubuntucve
CVE-2019-3465
2019-11-07 00:00:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

61.1%

JSON
Related for DEBIAN:DSA-4560-1:7FC5C
fedora9nessus11osv4openvas11github1debian1duo2prion1veracode1cve1debiancve1ubuntucve1