Vulnerability Description
HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation. This occurs because of a dependency on PHP functionality that interprets a -1 error code as a true boolean value.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Simplesamlphp | Simplesamlphp | < 1.15.4 |
| Simplesamlphp | Saml2 | >= 1.0.0, < 1.10.6 |
| Debian | Debian Linux | 7.0 |
Related Weaknesses (CWE)
References
- https://github.com/simplesamlphp/saml2/commit/4f6af7f69f29df8555a18b9bb7b646906bPatch
- https://lists.debian.org/debian-lts-announce/2018/03/msg00017.htmlThird Party Advisory
- https://simplesamlphp.org/security/201803-01Vendor Advisory
- https://github.com/simplesamlphp/saml2/commit/4f6af7f69f29df8555a18b9bb7b646906bPatch
- https://lists.debian.org/debian-lts-announce/2018/03/msg00017.htmlThird Party Advisory
- https://simplesamlphp.org/security/201803-01Vendor Advisory
FAQ
What is CVE-2018-7711?
CVE-2018-7711 is a vulnerability with a CVSS score of 8.1 (HIGH). HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accep...
How severe is CVE-2018-7711?
CVE-2018-7711 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-7711?
Check the references section above for vendor advisories and patch information. Affected products include: Simplesamlphp Simplesamlphp, Simplesamlphp Saml2, Debian Debian Linux.