
16 matches found

Vulnrichment
added 2025/03/11 7:4 p.m. | 10 views

CVE-2025-27773 SimpleSAMLphp SAML2 library has incorrect signature verification for HTTP-Redirect binding

The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to...

8.6 CVSS | 8.5 AI score | 0.00157 EPSS
Exploits: 0 | References: 4

Snyk
added 2024/12/02 4:42 p.m. | 1 views

XML External Entity (XXE) Injection

Overview: Affected versions of this package are vulnerable to XML External Entity (XXE) Injection due to improper sanitization of XML body in the fromString function. Workaround: Remove the LIBXML_DTDLOAD | LIBXML_DTDATTR options from $options. Details: XXE Injection is a type of attack against an...

8.8 CVSS | 7.5 AI score | 0.00183 EPSS
Exploits: 0 | References: 2

CVE
added 2024/12/02 4:18 p.m. | 63 views

CVE-2024-52806

SimpleSAMLphp SAML2 library is affected by an XXE when loading an untrusted XML document (e.g., SAMLResponse). The issue is tied to parsing XML in the library, and the vulnerability is fixed in versions 4.6.14 and 5.0.0-alpha.18. Affected component: SimpleSAMLphp SAML2; root cause: XXE during XML...

8.3 CVSS | 8.2 AI score | 0.00183 EPSS
Exploits: 0 | References: 2

Debian CVE
added 2024/12/02 4:18 p.m. | 14 views

CVE-2024-52806

SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18...

8.3 CVSS | 5.3 AI score | 0.00183 EPSS
Exploits: 0

Tenable Nessus
added 2019/01/03 12:0 a.m. | 26 views

Fedora 28 : php-simplesamlphp-saml2 (2018-85cb15befd)

SSPSA 201803-01 / CVE-2018-7711 - SSPSA 201802-01 / CVE-2018-7644 - SSPSA 201801-01 / CVE-2018-6519 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much...

8.1 CVSS | 7.4 AI score | 0.00467 EPSS
Exploits: 0 | References: 5

Tenable Nessus
added 2018/03/27 12:0 a.m. | 30 views

Fedora 26 : php-simplesamlphp-saml2 (2018-f4ab4d96f9)

SSPSA 201803-01 / CVE-2018-7711 - SSPSA 201802-01 / CVE-2018-7644 - SSPSA 201801-01 / CVE-2018-6519 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much...

8.1 CVSS | 7.4 AI score | 0.00467 EPSS
Exploits: 0 | References: 5

OpenVAS
added 2018/03/26 12:0 a.m. | 27 views

Fedora Update for php-simplesamlphp-saml2 FEDORA-2018-f4ab4d96f9

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

8.1 CVSS | 7.9 AI score | 0.00467 EPSS
Exploits: 0 | References: 2

OpenVAS
added 2018/03/26 12:0 a.m. | 25 views

Fedora Update for php-simplesamlphp-saml2 FEDORA-2018-6db40b0c37

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

8.1 CVSS | 7.9 AI score | 0.00467 EPSS
Exploits: 0 | References: 2

Veracode
added 2017/07/25 3:26 a.m. | 19 views

Denial Of Service (DoS)

simplesamlphp/saml2 is vulnerable to denial of service (DoS) attacks and spoofed SAML responses. It mishandles the conversion of return values to boolean, which allows attackers to perform these attacks...

9.1 CVSS | 8.7 AI score | 0.00825 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2017/02/17 2:59 a.m. | 19 views

CVE-2016-9814

The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers to spoof SAML responses or possibly cause a denial of service (memory consumption) by leveraging...

9.1 CVSS | 7.1 AI score
Exploits: 0 | References: 3

OpenVAS
added 2016/12/14 12:0 a.m. | 11 views

Fedora Update for php-simplesamlphp-saml2 FEDORA-2016-5c32bae671

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

7.5 AI score
Exploits: 0 | References: 2

OpenVAS
added 2016/12/14 12:0 a.m. | 13 views

Fedora Update for php-simplesamlphp-saml2 FEDORA-2016-8b1f72df21

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

7.5 AI score
Exploits: 0 | References: 2

Tenable Nessus
added 2016/12/14 12:0 a.m. | 12 views

Fedora 23 : php-simplesamlphp-saml2 / php-simplesamlphp-saml2_1 (2016-5c32bae671)

v1.10.3 / v2.3.3 - This is a security release fixing an issue with signature validation. Please upgrade as soon as possible. - 201612-01 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to...

5.5 AI score
Exploits: 0 | References: 2

OpenVAS
added 2016/12/14 12:0 a.m. | 12 views

Fedora Update for php-simplesamlphp-saml2 FEDORA-2016-b000091725

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

7.5 AI score
Exploits: 0 | References: 2

Tenable Nessus
added 2016/12/13 12:0 a.m. | 16 views

Fedora 24 : php-simplesamlphp-saml2 / php-simplesamlphp-saml2_1 (2016-b000091725)

v1.10.3 / v2.3.3 - This is a security release fixing an issue with signature validation. Please upgrade as soon as possible. - 201612-01 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to...

5.5 AI score
Exploits: 0 | References: 2

Tenable Nessus
added 2016/12/13 12:0 a.m. | 9 views

Fedora 25 : php-simplesamlphp-saml2 / php-simplesamlphp-saml2_1 (2016-8b1f72df21)

v1.10.3 / v2.3.3 - This is a security release fixing an issue with signature validation. Please upgrade as soon as possible. - 201612-01 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to...

5.5 AI score
Exploits: 0 | References: 2