CVE-2017-12873
NONE EPSS 73.6%
Published Sep 1, 2017 (8y ago) · Modified Jun 17, 2026 (2w ago)
Description
SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured.
Threat Intelligence
EPSS Exploit Probability
73.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-384
Affected Products 4
| Vendor | Product | Version | Range |
|---|---|---|---|
| simplesamlphp | simplesamlphp | * | ≥1.7.0 – ≤1.14.10 |
| debian | debian_linux | 7.0 | any |
| debian | debian_linux | 8.0 | any |
| debian | debian_linux | 9.0 | any |
References 4
- github.com https://github.com/simplesamlphp/simplesamlphp/commit/90dca835158495b173808273e7df127303b8b953
- lists.debian.org https://lists.debian.org/debian-lts-announce/2017/12/msg00007.html
- simplesamlphp.org https://simplesamlphp.org/security/201612-04
- debian.org https://www.debian.org/security/2018/dsa-4127
Remediation
- github.com https://github.com/simplesamlphp/simplesamlphp/commit/90dca835158495b173808273e7df127303b8b953
- simplesamlphp.org https://simplesamlphp.org/security/201612-04