Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2017-12867

Good to know:

icon

Date: August 29, 2017

The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset.

Language: PHP

Severity Score

Related Resources (8)

https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/CVE-2017-12867.yaml
https://nvd.nist.gov/vuln/detail/CVE-2017-12867
https://simplesamlphp.org/security/201708-01
https://www.debian.org/security/2018/dsa-4127
https://github.com/simplesamlphp/simplesamlphp/commit/608f24c2d5afd70c2af050785d2b12f878b33c68
https://lists.debian.org/debian-lts-announce/2017/12/msg00007.html
https://github.com/simplesamlphp/simplesamlphp
https://www.mend.io/vulnerability-database/CVE-2017-12867

Severity Score

Weakness Type (CWE)

Improper Access Control

CWE-284

Insufficient Session Expiration

CWE-613

Top Fix

icon

Upgrade Version

Upgrade to version tvdijen/simplesamlphp - dev-master;tvdijen/simplesamlphp - dev-validUntilcacheDuration;rozmarbeka/simplesamlphp - dev-login-template-1.0;rozmarbeka/simplesamlphp - v1.14.0;rozmarbeka/simplesamlphp - dev-feature/interface-cleanup;rozmarbeka/simplesamlphp - dev-php-7;simplesamlphp/simplesamlphp - v1.14.15;simplesamlphp/simplesamlphp-module-ldap - v1.14.9

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): HIGH
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us