exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 4

CVE-2017-18122

около 8 лет назад

A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid. Attributes contained in all the assertions received will be merged and the entityID of the first assertion received will be used, allowing an attacker to impersonate any user of any IdP given an assertion signed by the targeted IdP.

CVSS3: 8.1

EPSS: Низкий

CVE-2017-18122

около 8 лет назад

A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid. Attributes contained in all the assertions received will be merged and the entityID of the first assertion received will be used, allowing an attacker to impersonate any user of any IdP given an assertion signed by the targeted IdP.

CVSS3: 8.1

EPSS: Низкий

CVE-2017-18122

около 8 лет назад

A signature-validation bypass issue was discovered in SimpleSAMLphp th ...

CVSS3: 8.1

EPSS: Низкий

GHSA-j4qf-3w33-8cgc

больше 3 лет назад

SimpleSAMLphp Signature validation bypass

CVSS3: 8.1

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2017-18122 A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid. Attributes contained in all the assertions received will be merged and the entityID of the first assertion received will be used, allowing an attacker to impersonate any user of any IdP given an assertion signed by the targeted IdP.	CVSS3: 8.1	0% Низкий	около 8 лет назад
CVE-2017-18122 A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid. Attributes contained in all the assertions received will be merged and the entityID of the first assertion received will be used, allowing an attacker to impersonate any user of any IdP given an assertion signed by the targeted IdP.	CVSS3: 8.1	0% Низкий	около 8 лет назад
CVE-2017-18122 A signature-validation bypass issue was discovered in SimpleSAMLphp th ...	CVSS3: 8.1	0% Низкий	около 8 лет назад
GHSA-j4qf-3w33-8cgc SimpleSAMLphp Signature validation bypass	CVSS3: 8.1	0% Низкий	больше 3 лет назад

Уязвимостей на страницу