PT-2017-12744 · Simplesamlphp · Infocard
Published: 2017-09-01 · Updated: 2022-05-14 · CVE-2017-12874
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
InfoCard module version 1.0 for SimpleSAMLphp
Description
The issue allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities.
Recommendations
To prevent XML message spoofing, consider disabling InfoCard module version 1.0 until a patch is available.
Affected Products
Infocard