Lucene search
Veracode Vulnerability DatabaseVERACODE:4928HistoryAug 21, 2017 - 2:22 p.m.
Timing Attack
2017-08-2114:22:05
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
0.003 Low
EPSS
Percentile
70.0%
simplesamlphp is vulnerable to timing attacks. The library does not compare cookies in constant time, allowing malicious users to guess the valid cookies based on the time that a comparison takes.
| CPE | Name | Operator | Version |
|---|---|---|---|
| simplesamlphp/simplesamlphp | le | 1.14.11 |
References
Related
prion
prion
Input validation
2017-09-01 21:29:00
osv
osv
CVE-2017-12872
2017-09-01 21:29:00
SimpleSAMLphp allows timing side-channel attacks
2022-05-14 01:04:04
simplesamlphp - security update
2018-06-29 00:00:00
cvelist
cvelist
CVE-2017-12872
2017-09-01 21:00:00
debiancve
debiancve
CVE-2017-12872
2017-09-01 21:29:00
nvd
nvd
CVE-2017-12872
2017-09-01 21:29:00
github
github
SimpleSAMLphp allows timing side-channel attacks
2022-05-14 01:04:04
ubuntucve
ubuntucve
CVE-2017-12872
2017-09-01 00:00:00
cve
cve
CVE-2017-12872
2017-09-01 21:29:00
friendsofphp
friendsofphp
Multiple timing side-channel issues
2017-03-17 09:34:24
debian
debian
[SECURITY] [DLA 1408-1] simplesamlphp security update
2018-06-29 21:05:32
[SECURITY] [DLA 1205-1] simplesamlphp security update
2017-12-12 10:13:22
nessus
nessus
Debian DLA-1408-1 : simplesamlphp security update
2018-07-02 00:00:00
Debian DLA-1205-1 : simplesamlphp security update
2017-12-13 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-1408-1)
2018-07-09 00:00:00
Debian: Security Advisory (DLA-1205-1)
2023-03-08 00:00:00