CVE-2017-12873

NONE EPSS 73.6%
Published Sep 1, 2017 (8y ago) · Modified Jun 17, 2026 (2w ago)

Description

SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured.

Threat Intelligence

EPSS Exploit Probability
73.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-384

Affected Products 4

Vendor         Product        Version  Range
simplesamlphp  simplesamlphp  *        ≥1.7.0 – ≤1.14.10
debian         debian_linux   7.0      any
debian         debian_linux   8.0      any
debian         debian_linux   9.0      any

References 4

  • github.com https://github.com/simplesamlphp/simplesamlphp/commit/90dca835158495b173808273e7df127303b8b953
    Issue Tracking, Patch, Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2017/12/msg00007.html
    Mailing List, Third Party Advisory
  • simplesamlphp.org https://simplesamlphp.org/security/201612-04
    Patch, Vendor Advisory
  • debian.org https://www.debian.org/security/2018/dsa-4127
    Third Party Advisory

Remediation

  • github.com https://github.com/simplesamlphp/simplesamlphp/commit/90dca835158495b173808273e7df127303b8b953
    Issue Tracking, Patch, Third Party Advisory
  • simplesamlphp.org https://simplesamlphp.org/security/201612-04
    Patch, Vendor Advisory