14 matches found

Tenable Nessus
added 2025/10/02 12:0 a.m., 2 views

Tenable Security Center Multiple Vulnerabilities (TNS-2025-20)

According to its self-reported version, the Tenable Security Center running on the remote host is version 6.6.0. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2025-20 advisory. - Symfony process is a module for the Symfony PHP framework which executes commands ...

CVSS 9.8 | AI score 6.6 | EPSS 0.23787
Exploits 0 | References 13

Tenable Nessus
added 2025/08/27 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-27773

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion...

CVSS 8.6 | AI score 5.8 | EPSS 0.00157
Exploits 0 | References 2

Debian
added 2025/05/09 6:15 p.m., 7 views

[SECURITY] [DLA 4161-1] simplesamlphp security update

Debian LTS Advisory DLA-4161-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost May 09, 2025 https://wiki.debian.org/LTS Package : simplesamlphp Version : 1.19.0-1+deb11u2 CVE ID : CVE-2025-27773 Debian Bug : 1100595 A vulnerability has been discovered in SimpleSAMLph...

CVSS 8.6 | AI score 5.7 | EPSS 0.00157
Exploits 0

Veracode
added 2025/03/17 4:59 a.m., 5 views

Signature Confusion Attack

simplesamlphp/saml2 is vulnerable to a Signature Confusion Attack. The vulnerability is due to improper validation in the HTTP-Redirect binding, which allows an attacker with any signed SAMLResponse to trick the application into accepting an unsigned message...

CVSS 8.6 | AI score 6.5 | EPSS 0.00157
Exploits 0 | References 7 | Affected Software 2

RedhatCVE
added 2025/03/13 10:24 p.m., 10 views

CVE-2025-27773

The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to...

CVSS 8.6 | AI score 6.7 | EPSS 0.00157
Exploits 0 | References 1

Github Security Blog
added 2025/03/11 7:23 p.m., 17 views

The SimpleSAMLphp SAML2 library incorrectly verifies signatures for HTTP-Redirect binding

Summary There's a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to accept an unsigned message. I believe that it exists for v4 only. I have not yet developed a PoC. V5 is well designed and...

CVSS 8.6 | AI score 6.8 | EPSS 0.00157
Exploits 0 | References 7 | Affected Software 2

OSV
added 2025/03/11 7:23 p.m., 7 views

GHSA-46R4-F8GJ-XG56 The SimpleSAMLphp SAML2 library incorrectly verifies signatures for HTTP-Redirect binding

Summary There's a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to accept an unsigned message. I believe that it exists for v4 only. I have not yet developed a PoC. V5 is well designed and...

CVSS 8.6 | AI score 8.5 | EPSS 0.00157
Exploits 0 | References 7

OSV
added 2025/03/11 7:15 p.m., 2 views

DEBIAN-CVE-2025-27773

The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to...

CVSS 8.6 | AI score 5.4 | EPSS 0.00157
Exploits 0 | References 1

NVD
added 2025/03/11 7:15 p.m., 33 views

CVE-2025-27773

The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to...

CVSS 8.6 | EPSS 0.00157
Exploits 0 | References 5

OSV
added 2025/03/11 7:15 p.m., 0 views

UBUNTU-CVE-2025-27773

The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to...

CVSS 8.6 | AI score 5.8 | EPSS 0.00157
Exploits 0 | References 6

CVE
added 2025/03/11 7:4 p.m., 97 views

CVE-2025-27773

CVE-2025-27773 affects the SimpleSAMLphp SAML2 library. A signature confusion attack exists in the HTTPRedirect binding where an attacker who has any signed SAMLResponse can cause the application to accept an unsigned message. This impacts versions prior to 4.17.0 and 5.0.0-alpha.20. The issue is...

CVSS 8.6 | AI score 6.9 | EPSS 0.00157
Exploits 0 | References 5

Debian CVE
added 2025/03/11 7:4 p.m., 73 views

CVE-2025-27773

The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to...

CVSS 8.6 | AI score 5.3 | EPSS 0.00157
Exploits 0

OSV
added 2025/03/11 7:4 p.m., 8 views

CVE-2025-27773 SimpleSAMLphp SAML2 library has incorrect signature verification for HTTP-Redirect binding

The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to...

CVSS 8.6 | AI score 6.5 | EPSS 0.00157
Exploits 0 | References 7

SUSE CVE
added 2023/02/15 4:11 a.m., 3 views

SUSE CVE-2019-11755

A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature, although the signer might have had no access to the contents of the encrypted message, and might have stripped a different signature from the encrypted...

CVSS 7.5 | AI score 8.9 | EPSS 0.00406
Exploits 0 | References 6