Vulnerability Description
SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Simplesamlphp | Simplesamlphp | >= 1.7.0, <= 1.14.10 |
| Debian | Debian Linux | 7.0 |
Related Weaknesses (CWE)
References
- https://github.com/simplesamlphp/simplesamlphp/commit/90dca835158495b173808273e7 (Issue Tracking, Patch, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2017/12/msg00007.html (Mailing List, Third Party Advisory)
- https://simplesamlphp.org/security/201612-04 (Patch, Vendor Advisory)
- https://www.debian.org/security/2018/dsa-4127 (Third Party Advisory)
FAQ
What is CVE-2017-12873?
CVE-2017-12873 is a vulnerability with a CVSS score of 9.8 (CRITICAL). SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generat...
How severe is CVE-2017-12873?
CVE-2017-12873 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-12873?
Check the references section above for vendor advisories and patch information. Affected products include: Simplesamlphp Simplesamlphp, Debian Debian Linux.