Lucene search
K

4 matches found

UbuntuCve
UbuntuCve
added 2017/09/01 1:29 p.m.22 views

CVE-2017-12870

SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers...

5.9CVSS6.2AI score0.00875EPSS
Exploits0References2
OSV
OSV
added 2017/09/01 1:29 p.m.4 views

DEBIAN-CVE-2017-12870

SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers...

5.9CVSS6.5AI score0.00875EPSS
Exploits0References1
CVE
CVE
added 2017/09/01 1:0 p.m.68 views

CVE-2017-12870

CVE-2017-12870 affects SimpleSAMLphp 1.14.12 and earlier. The issue arises from the use of AES encrypt/decrypt in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers, enabling MITM attackers to obtain sensitive information. The connected sour...

5.9CVSS5.3AI score0.00875EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2017/09/01 1:0 p.m.30 views

CVE-2017-12870

SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers...

5.9CVSS5.4AI score0.00875EPSS
Exploits0
Rows per page
Query Builder