7 matches found
Debian: Security Advisory (DLA-1205-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-4127-1 : simplesamlphp - security update
Several vulnerabilities have been discovered in SimpleSAMLphp, a framework for authentication, primarily via the SAML protocol. - CVE-2017-12867 Attackers with access to a secret token could extend its validity period by manipulating the prepended time offset. - CVE-2017-12869 When using the...
[SECURITY] [DSA 4127-1] simplesamlphp security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4127-1 [email protected] https://www.debian.org/security/ Thijs Kinkhorst March 02, 2018 https://www.debian.org/security/faq -...
Debian: Security Advisory (DSA-4127-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-1205-1 : simplesamlphp security update
The simplesamlphp package in wheezy is vulnerable to multiple attacks on authentication-related code, leading to unauthorized access and information disclosure. CVE-2017-12867 The SimpleSAMLAuthTimeLimitedToken class allows attackers with access to a secret token to extend its validity period by...
[SECURITY] [DLA 1205-1] simplesamlphp security update
Package : simplesamlphp Version : 1.9.2-1+deb7u1 CVE ID : CVE-2017-12867 CVE-2017-12868 CVE-2017-12869 CVE-2017-12872 CVE-2017-12873 CVE-2017-12874 The simplesamlphp package in wheezy is vulnerable to multiple attacks on authentication-related code, leading to unauthorized access and information...
CVE-2017-12867
CVE-2017-12867 affects SimpleSAMLphp 1.14.14 and earlier where an attacker with access to a secret token can extend the token’s validity by manipulating the prepended time offset. The connected advisories confirm this vulnerability in multiple Debian releases and note that patches were released (...