CVE-2017-12873
CVE-2017-12873 is a vulnerability of currently unknown severity. SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured. EPSS estimates a 1.66% chance of exploitation in the next 30 days.
Description
SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| SimpleSAMLphp | SimpleSAMLphp | >= 1.7.0, <= 1.14.10 |
| Debian | Debian Linux | 7.0 |
| Debian | Debian Linux | 8.0 |
| Debian | Debian Linux | 9.0 |
References
- https://github.com/simplesamlphp/simplesamlphp/commit/90dca835158495b173808273e7df127303b8b953 (Issue Tracking, Patch, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2017/12/msg00007.html (Mailing List, Third Party Advisory)
- https://simplesamlphp.org/security/201612-04 (Patch, Vendor Advisory)
- https://www.debian.org/security/2018/dsa-4127 (Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
