CVSS2
Attack Vector: NETWORK
Attack Complexity: HIGH
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:H/Au:N/C:N/I:P/A:P

CVSS3
Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H

EPSS
Percentile: 77.0%

The SimpleSAML_XML_Validator class constructor in SimpleSAMLphp before
1.14.11 might allow remote attackers to spoof signatures on SAML 1
responses or possibly cause a denial of service (memory consumption) by
leveraging improper conversion of return values to boolean.
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 16.04 | noarch | simplesamlphp | < any | UNKNOWN |
www.openwall.com/lists/oss-security/2016/12/14/7
github.com/simplesamlphp/simplesamlphp/commit/a2326d75dd14accaac162dd2cb30aaefcc1f9205
launchpad.net/bugs/cve/CVE-2016-9955
nvd.nist.gov/vuln/detail/CVE-2016-9955
security-tracker.debian.org/tracker/CVE-2016-9955
simplesamlphp.org/security/201612-02
www.cve.org/CVERecord?id=CVE-2016-9955