4 matches found
CVE-2016-9814
Summary: CVE-2016-9814 affects SimpleSAMLphp and the simplesamlphp/saml2 library. The vulnerability stems from an improper conversion of return values to boolean in the validateSignature method of SAML2\Utils, enabling remote attackers to spoof SAML responses or cause a memory-related Denial of S...
CVE-2018-6519
CVE-2018-6519 affects SimpleSAMLphp’s SAML2 library: a regular expression denial of service in the parsing of fraction-of-seconds in timestamps. Affected versions are SimpleSAMLphp SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1. The impact is a partial loss of availability (DoS) via netw...
CVE-2018-7711
CVE-2018-7711 affects the SimpleSAMLphp saml2 library, specifically HTTPRedirect.php in versions prior to 1.15.4. The root cause is an incorrect check of return values in the signature validation utilities, caused by a dependency on PHP behavior that interprets a -1 error code as true. This lets ...
CVE-2023-49087
CVE-2023-49087 affects the xml-security library used by SimpleSAMLphp. The root cause is insufficient validation while computing or comparing signatures: if an attacker can manipulate the canonicalized DigestValue, the cryptographic signature on the SignedInfo tree could be forged. The ...