CVE-2011-4625

HIGH

Simplesamlphp < 1.6.3 - Improper Exception Handling

Title source: rule

Description

simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption, which could allow remote attackers to decrypt or forge messages.

Scores

CVSS v3 7.5
EPSS 0.0027
EPSS Percentile 50.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Classification

CWE
CWE-755
Status published

Affected Products (5)

simplesamlphp/simplesamlphp < 1.6.3
debian/debian_linux
debian/debian_linux
debian/debian_linux
simplesamlphp/simplesamlphp < 1.8.1 (Packagist)

Timeline

Published Nov 06, 2019
Tracked Since Feb 18, 2026