CVE-2016-9814
First published: Tue Nov 29 2016(Updated: )
Incorrect signature verification
Credit: security@debian.org security@debian.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/simplesamlphp/saml2 | <1.8.1>=1.9.0<1.9.1>=1.10<1.10.3>=2.0<2.3.3 | |
| composer/simplesamlphp/saml2 | >=2.0<2.3.3 | 2.3.3 |
| composer/simplesamlphp/saml2 | >=1.9.0<1.9.1 | 1.9.1 |
| composer/simplesamlphp/saml2 | <1.8.1 | 1.8.1 |
| composer/simplesamlphp/saml2 | >=1.10<1.10.3 | 1.10.3 |
| SimpleSAMLphp | <=1.14.9 | |
| SimpleSAMLphp | =1.10 | |
| SimpleSAMLphp | <=1.9 | |
| SimpleSAMLphp | =1.10 | |
| SimpleSAMLphp | =1.10.1 | |
| SimpleSAMLphp | =1.10.2 | |
| SimpleSAMLphp | =2.0.0 | |
| SimpleSAMLphp | =2.0.1 | |
| SimpleSAMLphp | =2.1 | |
| SimpleSAMLphp | =2.2 | |
| SimpleSAMLphp | =2.3 | |
| SimpleSAMLphp | =2.3.1 | |
| SimpleSAMLphp | =2.3.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://simplesamlphp.org/security/201612-01
- http://www.securityfocus.com/bid/94730
- https://lists.debian.org/debian-lts-announce/2018/03/msg00001.html
- https://nvd.nist.gov/vuln/detail/CVE-2016-9814
- https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/saml2/CVE-2016-9814.yaml
- https://github.com/advisories/GHSA-r8v4-7vwj-983x (Advisory)
Frequently Asked Questions
What is the severity of CVE-2016-9814?
CVE-2016-9814 is considered a high severity vulnerability due to its potential for remote attackers to spoof SAML responses.
How do I fix CVE-2016-9814?
To fix CVE-2016-9814, upgrade to SimpleSAMLphp version 1.14.10 or later, or simplesamlphp/saml2 version 1.9.1, 1.10.3, or 2.3.3.
Which software is affected by CVE-2016-9814?
CVE-2016-9814 affects SimpleSAMLphp versions before 1.14.10 and simplesamlphp/saml2 library versions before 1.9.1, 1.10.3, and 2.3.3.
What types of attacks can CVE-2016-9814 enable?
CVE-2016-9814 can allow attackers to spoof SAML responses and potentially cause a denial of service.
Is CVE-2016-9814 a local or remote vulnerability?
CVE-2016-9814 is classified as a remote vulnerability, enabling attackers to exploit the flaw from a distance.
- collector/friends-of-php
- agent/type
- agent/first-publish-date
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-r8v4-7vwj-983x
- alias/CVE-2016-9814
- agent/software-canonical-lookup
- agent/references
- agent/severity
- agent/softwarecombine
- agent/weakness
- agent/description
- agent/author
- collector/github-advisory
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-cve
- source/NVD
- package-manager/composer
- vendor/simplesamlphp
- canonical/simplesamlphp
- version/simplesamlphp/1.14.9
- version/simplesamlphp/1.10
- version/simplesamlphp/1.9
- version/simplesamlphp/1.10.1
- version/simplesamlphp/1.10.2
- version/simplesamlphp/2.0.0
- version/simplesamlphp/2.0.1
- version/simplesamlphp/2.1
- version/simplesamlphp/2.2
- version/simplesamlphp/2.3
- version/simplesamlphp/2.3.1
- version/simplesamlphp/2.3.2