CVE-2017-12873
Summary
| CVE | CVE-2017-12873 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-09-01 21:29:00 UTC |
| Updated | 2019-10-03 00:03:00 UTC |
| Description | SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured. |
Risk And Classification
Problem Types: CWE-384
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Debian | Debian Linux | 7.0 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Application | Simplesamlphp | Simplesamlphp | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| bugfix: Make sure a persistent NameID is not generated by default whe… · simplesamlphp/simplesamlphp@90dca83 · GitHub | CONFIRM | github.com | Issue Tracking, Patch, Third Party Advisory |
| Debian -- Security Information -- DSA-4127-1 simplesamlphp | DEBIAN | www.debian.org | Third Party Advisory |
| [SECURITY] [DLA 1205-1] simplesamlphp security update | MLIST | lists.debian.org | Mailing List, Third Party Advisory |
| SimpleSAMLphp | CONFIRM | simplesamlphp.org | Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.