CVE-2018-7711 — simplesamlphp - security update

Description

HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation. This occurs because of a dependency on PHP functionality that interprets a -1 error code as a true boolean value.

How to fix CVE-2018-7711

To remediate CVE-2018-7711, upgrade the affected package to a fixed version below.

—upgrade to 1.15.4-1 or later
—upgrade to 1.9.2-1+deb7u4 or later
—upgrade to 1.10.6 or later

Is CVE-2018-7711 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (3)

from 0, < 1.15.4-1
from 0, < 1.9.2-1+deb7u4
from 0, < 1.10.6

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.1	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References (6)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2018-7711
ADVISORYsecurity-tracker.debian.org/tracker/CVE-2018-7711
WEBgithub.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/saml2/CVE-2018-7711.yaml
WEBgithub.com/simplesamlphp/saml2/commit/4f6af7f69f29df8555a18b9bb7b646906b45924d