CVE-2016-9814 in SimpleSAMLphp

Summary

The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers to spoof SAML responses or possibly cause a denial of service (memory consumption) by leveraging improper conversion of return values to boolean.

Reservation: 12/04/2016

Disclosure: 02/16/2017

Entries: 1

CPE: ready

CVSS: 7.8

EPSS: 0.00825

Activities: Very Low
