Vulnerability Details CVE-2017-12873
SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.6%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://github.com/simplesamlphp/simplesamlphp/commit/90dca835158495b173808273e7df127303b8b953
- https://lists.debian.org/debian-lts-announce/2017/12/msg00007.html
- https://simplesamlphp.org/security/201612-04
- https://www.debian.org/security/2018/dsa-4127
- https://github.com/simplesamlphp/simplesamlphp/commit/90dca835158495b173808273e7df127303b8b953
- https://lists.debian.org/debian-lts-announce/2017/12/msg00007.html
- https://simplesamlphp.org/security/201612-04
- https://www.debian.org/security/2018/dsa-4127
Products affected by CVE-2017-12873
-
cpe:2.3:a:simplesamlphp:simplesamlphp:1.10
-
cpe:2.3:a:simplesamlphp:simplesamlphp:1.10.0
-
cpe:2.3:a:simplesamlphp:simplesamlphp:1.11
-
cpe:2.3:a:simplesamlphp:simplesamlphp:1.11.0
-
cpe:2.3:a:simplesamlphp:simplesamlphp:1.12
-
cpe:2.3:a:simplesamlphp:simplesamlphp:1.12.0
-
cpe:2.3:a:simplesamlphp:simplesamlphp:1.13
-
cpe:2.3:a:simplesamlphp:simplesamlphp:1.13.0
-
cpe:2.3:a:simplesamlphp:simplesamlphp:1.13.1
-
cpe:2.3:a:simplesamlphp:simplesamlphp:1.13.2
-
cpe:2.3:a:simplesamlphp:simplesamlphp:1.14.0
-
cpe:2.3:a:simplesamlphp:simplesamlphp:1.14.1
-
cpe:2.3:a:simplesamlphp:simplesamlphp:1.14.10
-
cpe:2.3:a:simplesamlphp:simplesamlphp:1.14.2
-
cpe:2.3:a:simplesamlphp:simplesamlphp:1.14.3
-
cpe:2.3:a:simplesamlphp:simplesamlphp:1.14.4
-
cpe:2.3:a:simplesamlphp:simplesamlphp:1.14.5
-
cpe:2.3:a:simplesamlphp:simplesamlphp:1.14.6
-
cpe:2.3:a:simplesamlphp:simplesamlphp:1.14.7
-
cpe:2.3:a:simplesamlphp:simplesamlphp:1.14.8
-
cpe:2.3:a:simplesamlphp:simplesamlphp:1.14.9
-
cpe:2.3:a:simplesamlphp:simplesamlphp:1.7.0
-
cpe:2.3:a:simplesamlphp:simplesamlphp:1.8
-
cpe:2.3:a:simplesamlphp:simplesamlphp:1.8.0
-
cpe:2.3:a:simplesamlphp:simplesamlphp:1.8.1
-
cpe:2.3:a:simplesamlphp:simplesamlphp:1.8.2
-
cpe:2.3:a:simplesamlphp:simplesamlphp:1.8.3
-
cpe:2.3:a:simplesamlphp:simplesamlphp:1.9
-
cpe:2.3:a:simplesamlphp:simplesamlphp:1.9.0
-
cpe:2.3:a:simplesamlphp:simplesamlphp:1.9.1
-
cpe:2.3:a:simplesamlphp:simplesamlphp:1.9.2
-
cpe:2.3:o:debian:debian_linux:7.0
-
cpe:2.3:o:debian:debian_linux:8.0
-
cpe:2.3:o:debian:debian_linux:9.0