Lucene search
GitHub Advisory DatabaseGHSA-R8V4-7VWJ-983XHistoryMay 14, 2022 - 3:40 a.m.
SimpleSAMLphp SAML2 spoof SAML responses
2022-05-1403:40:37
GitHub Advisory Database
github.com
2
The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers to spoof SAML responses or possibly cause a denial of service (memory consumption) by leveraging improper conversion of return values to boolean.
| CPE | Name | Operator | Version |
|---|---|---|---|
| simplesamlphp/saml2 | lt | 2.3.3 | |
| simplesamlphp/saml2 | lt | 1.9.1 | |
| simplesamlphp/saml2 | lt | 1.8.1 | |
| simplesamlphp/saml2 | lt | 1.10.3 |
References
Related
osv
osv
SimpleSAMLphp SAML2 spoof SAML responses
2022-05-14 03:40:37
CVE-2016-9814
2017-02-17 02:59:00
simplesamlphp - security update
2018-03-02 00:00:00
cve
cve
CVE-2016-9814
2017-02-17 02:59:00
veracode
veracode
Denial Of Service (DoS)
2017-07-25 03:26:13
prion
prion
Design/Logic Flaw
2017-02-17 02:59:00
ubuntucve
ubuntucve
CVE-2016-9814
2017-02-17 00:00:00
cvelist
cvelist
CVE-2016-9814
2017-02-16 18:00:00
debiancve
debiancve
CVE-2016-9814
2017-02-17 02:59:00
friendsofphp
friendsofphp
Incorrect signature verification
2016-11-29 13:12:44
nessus
nessus
Debian DLA-1298-1 : simplesamlphp security update
2018-03-06 00:00:00
debian
debian
[SECURITY] [DLA 1297-1] simplesamlphp security update
2018-03-02 11:12:04
openvas
openvas
Debian: Security Advisory (DLA-1298-1)
2018-03-26 00:00:00