Lucene search
K

25 matches found

Prion
Prion
added 2018/03/05 2:29 p.m.19 views

Type confusion

The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a remote attacker to construct a crafted SAML assertion on behalf of an Identity Provider that would pass as cryptographically valid, thereby allowing th...

5CVSS7.3AI score0.01262EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2018/03/05 2:0 p.m.69 views

CVE-2018-7644

CVE-2018-7644 affects SimpleSAMLphp prior to 1.15.3 where XmlSecLibs used by the saml2 library incorrectly verifies SAML assertions, enabling a remote attacker to craft an assertion from an Identity Provider that passes cryptographic checks and impersonate a user from that IdP. The issue is a key...

7.5CVSS7.3AI score0.01262EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/03/05 2:0 p.m.38 views

CVE-2018-7644

The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a remote attacker to construct a crafted SAML assertion on behalf of an Identity Provider that would pass as cryptographically valid, thereby allowing th...

7.4AI score0.01262EPSS
Exploits0References1
NVD
NVD
added 2015/09/28 4:59 p.m.15 views

CVE-2015-5372

The SAML 2.0 implementation in AdNovum nevisAuth 4.13.0.0 before 4.18.3.1, when using SAML POST-Binding, does not match all attributes of the X.509 certificate embedded in the assertion against the certificate from the identity provider IdP, which allows remote attackers to inject arbitrary SAML...

5CVSS6.6AI score0.00871EPSS
Exploits1References5
Cvelist
Cvelist
added 2015/09/28 4:0 p.m.19 views

CVE-2015-5372

The SAML 2.0 implementation in AdNovum nevisAuth 4.13.0.0 before 4.18.3.1, when using SAML POST-Binding, does not match all attributes of the X.509 certificate embedded in the assertion against the certificate from the identity provider IdP, which allows remote attackers to inject arbitrary SAML...

6.6AI score0.00871EPSS
Exploits1References5
Rows per page
Query Builder