CVE-2011-4625
HIGHsimplesamlphp < 1.6.3 and < 1.8.2 - XML Encryption Handling Issue
Title source: llmDescription
simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://security-tracker.debian.org/tracker/CVE-2011-4625
Third Party Advisory x_refsource_misc
https://www.mageni.net/1.3.6.1.4.1.25623.1.0.70545
Scores
CVSS v3
7.5
EPSS
0.0074
EPSS Percentile
49.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-755
Status
published
Products (5)
debian/debian_linux
8.0
debian/debian_linux
9.0
debian/debian_linux
10.0
simplesamlphp/simplesamlphp
0 - 1.8.1Packagist
simplesamlphp/simplesamlphp
1.6.0 - 1.6.3
Published
Nov 06, 2019
Tracked Since
Feb 18, 2026