Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for infocard_module by simplesamlphp
CVE-2017-12874 (GCVE-0-2017-12874)
Vulnerability from nvd – Published: 2017-09-01 21:00 – Updated: 2024-08-05 18:51
VLAI
Summary
The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://simplesamlphp.org/security/201612-03 | x_refsource_CONFIRM |
| https://lists.debian.org/debian-lts-announce/2017… | mailing-listx_refsource_MLIST |
| https://www.debian.org/security/2018/dsa-4127 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2016-12-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:51:07.190Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://simplesamlphp.org/security/201612-03"
},
{
"name": "[debian-lts-announce] 20171212 [SECURITY] [DLA 1205-1] simplesamlphp security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00007.html"
},
{
"name": "DSA-4127",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4127"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-03T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://simplesamlphp.org/security/201612-03"
},
{
"name": "[debian-lts-announce] 20171212 [SECURITY] [DLA 1205-1] simplesamlphp security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00007.html"
},
{
"name": "DSA-4127",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4127"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12874",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://simplesamlphp.org/security/201612-03",
"refsource": "CONFIRM",
"url": "https://simplesamlphp.org/security/201612-03"
},
{
"name": "[debian-lts-announce] 20171212 [SECURITY] [DLA 1205-1] simplesamlphp security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00007.html"
},
{
"name": "DSA-4127",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4127"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-12874",
"datePublished": "2017-09-01T21:00:00.000Z",
"dateReserved": "2017-08-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:51:07.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12874 (GCVE-0-2017-12874)
Vulnerability from cvelistv5 – Published: 2017-09-01 21:00 – Updated: 2024-08-05 18:51
VLAI
Summary
The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://simplesamlphp.org/security/201612-03 | x_refsource_CONFIRM |
| https://lists.debian.org/debian-lts-announce/2017… | mailing-listx_refsource_MLIST |
| https://www.debian.org/security/2018/dsa-4127 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2016-12-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:51:07.190Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://simplesamlphp.org/security/201612-03"
},
{
"name": "[debian-lts-announce] 20171212 [SECURITY] [DLA 1205-1] simplesamlphp security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00007.html"
},
{
"name": "DSA-4127",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4127"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-03T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://simplesamlphp.org/security/201612-03"
},
{
"name": "[debian-lts-announce] 20171212 [SECURITY] [DLA 1205-1] simplesamlphp security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00007.html"
},
{
"name": "DSA-4127",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4127"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12874",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://simplesamlphp.org/security/201612-03",
"refsource": "CONFIRM",
"url": "https://simplesamlphp.org/security/201612-03"
},
{
"name": "[debian-lts-announce] 20171212 [SECURITY] [DLA 1205-1] simplesamlphp security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00007.html"
},
{
"name": "DSA-4127",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4127"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-12874",
"datePublished": "2017-09-01T21:00:00.000Z",
"dateReserved": "2017-08-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:51:07.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}