UBUNTU-CVE-2018-6521
The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions...
DEBIAN-CVE-2018-6521
The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions...
CVE-2018-6520
SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism via crafted authority data in a URL...
CVE-2018-6520
SimpleSAMLphp before 1.15.2 is vulnerable to an open redirect protection bypass through crafted authority data in a URL. The underlying issue is in the URL handling that allows bypass of redirect protections, enabling potential open redirects. Affected component: SimpleSAMLphp (prior to 1.15.2). ...
CVE-2018-6521
The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions...
CVE-2018-6519
The vulnerability CVE-2018-6519 affects SimpleSAMLphp’s SAML2 library: Regular Expression Denial of Service for fraction-of-seconds in timestamps. Affected versions are SimpleSAMLphp SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1. Impact is partial availability (DoS) via netw...
CVE-2018-6519
The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp...
CVE-2018-6521
CVE-2018-6521 affects the SimpleSAMLphp sqlauth module: before 1.15.2, the MySQL utf8 charset truncates queries at four-byte characters, potentially allowing remote attackers to bypass access restrictions. Affected: SimpleSAMLphp sqlauth module. Root cause: reliance on utf8 charset causing truncation. Impac...
SimpleSAMLphp Open Redirect Protection Bypass Vulnerability
SimpleSAMLphp is a program written in native PHP to handle authentication. An open redirection protection bypass vulnerability exists in SimpleSAMLphp before 1.15.2. A remote attacker can bypass the open redirection protection mechanism via specially crafted authority data in the URL...
SimpleSAMLphp SAML2 Library Denial of Service Vulnerability
SimpleSAMLphp is a program written in native PHP to handle authentication. The SAML2 library in SimpleSAMLphp is vulnerable to a regular expression denial of service vulnerability. The vulnerability arises from fraction-of-seconds data in a timestamp. An attacker can exploit this vulnerability to...
Open redirection protection bypass
More info at https://simplesamlphp.org/security/201801-02...
Use of insecure connection charset (sqlauth module)
More info at https://simplesamlphp.org/security/201801-03...
Debian DLA-1205-1 : simplesamlphp security update
The simplesamlphp package in wheezy is vulnerable to multiple attacks on authentication-related code, leading to unauthorized access and information disclosure. CVE-2017-12867: The SimpleSAML_Auth_TimeLimitedToken class allows attackers with access to a secret token to extend its validity period by...
[SECURITY] [DLA 1205-1] simplesamlphp security update
Package : simplesamlphp Version : 1.9.2-1+deb7u1 CVE ID : CVE-2017-12867 CVE-2017-12868 CVE-2017-12869 CVE-2017-12872 CVE-2017-12873 CVE-2017-12874 The simplesamlphp package in wheezy is vulnerable to multiple attacks on authentication-related code, leading to unauthorized access and information...
DLA-1205-1 simplesamlphp - security update
Bulletin has no description...
Signature validation bypass (SAML 1.1)
More info at https://simplesamlphp.org/security/201710-01...
Cross-site Scripting (XSS)
simplesamlphp is vulnerable to cross-site scripting (XSS) attacks. A malicious user can inject and execute a malicious JavaScript document through the URL when the URL is being redirected...