7 matches found
DEBIAN-CVE-2017-12874
The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities...
UBUNTU-CVE-2017-12874
The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities...
Input validation
The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities...
CVE-2017-12874
CVE-2017-12874 affects the SimpleSAMLphp InfoCard module (version 1.0) and is caused by an incorrect check of return values in signature validation utilities, enabling spoofing of XML messages. The issue is documented in multiple security advisories (e.g., Debian DSA-4127-1) and is listed among a...
CVE-2017-12874
The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities...
CVE-2017-12874
The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities...
Spoofing
The Common Language Runtime CLR in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka "XML Digital Signature...