CVE-2017-12874

CVE-2017-12874

EPSS 1.3%

The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://lists.debian.org/debian-lts-announce/2017/12/msg00007.html https://simplesamlphp.org/security/201612-03 https://www.debian.org/security/2018/dsa-4127