| 0 |
|
| 1 |
|
| 2 |
| url |
VCID-72je-vjsn-a3a3 |
| vulnerability_id |
VCID-72je-vjsn-a3a3 |
| summary |
Link injection
`www/logout.php` and `modules/core/www/no_cookie.php` are not checking the URLs obtained via the HTTP request before displaying them as the target of links that the user may click on. It allows attackers to display links targeting a malicious website inside a trusted site running SimpleSAMLphp, due to the lack of security checks involving the `link_href` and `retryURL` HTTP parameters, respectively. |
| references |
|
| fixed_packages |
|
| aliases |
201606-01
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-72je-vjsn-a3a3 |
|
| 3 |
|
| 4 |
| url |
VCID-8ra2-tfjs-c3a2 |
| vulnerability_id |
VCID-8ra2-tfjs-c3a2 |
| summary |
The sanitycheck module in SimpleSAMLphp before 1.14.1 allows remote attackers to learn the PHP version on the system via unspecified vectors. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/simplesamlphp/simplesamlphp@1.14.1 |
| purl |
pkg:composer/simplesamlphp/simplesamlphp@1.14.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1u9j-pr96-wueh |
|
| 1 |
| vulnerability |
VCID-2erd-t2hf-cbf7 |
|
| 2 |
| vulnerability |
VCID-72je-vjsn-a3a3 |
|
| 3 |
| vulnerability |
VCID-741q-jvqg-4qhq |
|
| 4 |
| vulnerability |
VCID-9kdf-1k7y-8yge |
|
| 5 |
| vulnerability |
VCID-aq1f-4gx2-w7e2 |
|
| 6 |
| vulnerability |
VCID-eryg-yprt-1uhd |
|
| 7 |
| vulnerability |
VCID-fwh5-cfnj-hfeg |
|
| 8 |
| vulnerability |
VCID-hqfj-cd75-nkfa |
|
| 9 |
| vulnerability |
VCID-mkss-szdn-vucw |
|
| 10 |
| vulnerability |
VCID-mt8a-t14t-fycw |
|
| 11 |
| vulnerability |
VCID-n129-376a-y3gj |
|
| 12 |
| vulnerability |
VCID-nm6r-f68t-ufht |
|
| 13 |
| vulnerability |
VCID-npe5-1a82-bbh2 |
|
| 14 |
| vulnerability |
VCID-pwbg-dz5n-t7fj |
|
| 15 |
| vulnerability |
VCID-rts2-upqp-7kee |
|
| 16 |
| vulnerability |
VCID-v5hk-k2vp-tfgg |
|
| 17 |
| vulnerability |
VCID-vn25-u6v1-cqh1 |
|
| 18 |
| vulnerability |
VCID-wmg4-fqe6-rfb8 |
|
| 19 |
| vulnerability |
VCID-wtmm-kpq1-4kc2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/simplesamlphp/simplesamlphp@1.14.1 |
|
|
| aliases |
CVE-2016-3124, GHSA-9327-mqm6-x97j
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8ra2-tfjs-c3a2 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
| url |
VCID-hqfj-cd75-nkfa |
| vulnerability_id |
VCID-hqfj-cd75-nkfa |
| summary |
SimpleSAMLphp vulnerable to XXE in parsing SAML messages
## Withdrawn Advisory
This advisory has been withdrawn because the vulnerability affects users of the SimpleSAMLphp tarball, not the SimpleSAMLphp Composer package. The underlying information about CVE-2024-52596 is still valid.
## Original Description
# Summary
When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE.
## Mitigation:
Remove the `LIBXML_DTDLOAD | LIBXML_DTDATTR` options from `$options` is in: https://github.com/simplesamlphp/saml2/blob/717c0adc4877ebd58428637e5626345e59fa0109/src/SAML2/DOMDocumentFactory.php#L41
## Background / details
To be published on Dec 8th |
| references |
|
| fixed_packages |
|
| aliases |
GHSA-j5g2-q29x-cw3h
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hqfj-cd75-nkfa |
|
| 9 |
| url |
VCID-mkss-szdn-vucw |
| vulnerability_id |
VCID-mkss-szdn-vucw |
| summary |
The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR operation. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2017-12868, GHSA-j96g-47x2-46hv
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mkss-szdn-vucw |
|
| 10 |
|
| 11 |
| url |
VCID-n129-376a-y3gj |
| vulnerability_id |
VCID-n129-376a-y3gj |
| summary |
SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2017-12870, GHSA-44pr-mgcp-v36r
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-n129-376a-y3gj |
|
| 12 |
| url |
VCID-nm6r-f68t-ufht |
| vulnerability_id |
VCID-nm6r-f68t-ufht |
| summary |
The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2017-12872, GHSA-v882-949x-6v28
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nm6r-f68t-ufht |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|