CVE-2019-3465
Published: Nov 7, 2019
Modified: Aug 4, 2024
PUBLISHED
Description
Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message.
| Vendor | Product | Versions |
|---|---|---|
| n/a | Rob Richards XmlSecLibs | affected All versions prior to version 3.0.3 |
References
| Reference | Type | Tag |
|---|---|---|
| [debian-lts-announce] 20191106 [SECURITY] [DLA 1983-1] simplesamlphp security update | mailing-list | x_refsource_MLIST |
| 20191106 [SECURITY] [DSA 4560-1] simplesamlphp security update | mailing-list | x_refsource_BUGTRAQ |
| DSA-4560 | vendor-advisory | x_refsource_DEBIAN |
| https://simplesamlphp.org/security/201911-01 | | x_refsource_MISC |
| FEDORA-2019-9a960c8a98 | vendor-advisory | x_refsource_FEDORA |
| FEDORA-2019-81f61cdceb | vendor-advisory | x_refsource_FEDORA |
| FEDORA-2019-be01267416 | vendor-advisory | x_refsource_FEDORA |
| FEDORA-2019-73d0fe1d15 | vendor-advisory | x_refsource_FEDORA |
| FEDORA-2019-dc90bf093b | vendor-advisory | x_refsource_FEDORA |
| FEDORA-2019-ec8719a21c | vendor-advisory | x_refsource_FEDORA |
| https://www.tenable.com/security/tns-2019-09 | | x_refsource_CONFIRM |
| FEDORA-2020-1b95d7a131 | vendor-advisory | x_refsource_FEDORA |
| FEDORA-2020-46d0f456a9 | vendor-advisory | x_refsource_FEDORA |
| FEDORA-2020-af82229ae5 | vendor-advisory | x_refsource_FEDORA |