{"containers":{"cna":{"affected":[{"product":"Rob Richards XmlSecLibs","vendor":"n/a","versions":[{"status":"affected","version":"All versions prior to version 3.0.3"}]}],"descriptions":[{"lang":"en","value":"Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message."}],"problemTypes":[{"descriptions":[{"description":"Improper Verification of Cryptographic Signature","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2020-04-25T04:06:13.000Z","orgId":"79363d38-fa19-49d1-9214-5f28da3f3ac5","shortName":"debian"},"references":[{"name":"[debian-lts-announce] 20191106 [SECURITY] [DLA 1983-1] simplesamlphp security update","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.debian.org/debian-lts-announce/2019/11/msg00003.html"},{"name":"20191106 [SECURITY] [DSA 4560-1] simplesamlphp security update","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"https://seclists.org/bugtraq/2019/Nov/8"},{"name":"DSA-4560","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"https://www.debian.org/security/2019/dsa-4560"},{"tags":["x_refsource_MISC"],"url":"https://github.com/robrichards/xmlseclibs/commit/0a53d3c3aa87564910cae4ed01416441d3ae0db5"},{"tags":["x_refsource_MISC"],"url":"https://simplesamlphp.org/security/201911-01"},{"name":"FEDORA-2019-9a960c8a98","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AB34ILMJ67CUROBOR6YPKB46VHXLOAJ4/"},{"name":"FEDORA-2019-81f61cdceb","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAWOVYLZKYDCQBLQEJCFAAD3KQTBPHXE/"},{"name":"FEDORA-2019-be01267416","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ESKJTWLE7QZBQ3EKMYXKMBQG3JDEJWM6/"},{"name":"FEDORA-2019-73d0fe1d15","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KID7C4AZPYYIZQIPSLANP4R2RQR6YK3/"},{"name":"FEDORA-2019-dc90bf093b","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XBSSRV5Q7JFCYO46A3EN624UZ4KXFQ2M/"},{"name":"FEDORA-2019-ec8719a21c","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HBE2SJSXG7J4XYLJ2H6HC2VPPOG2OMUN/"},{"tags":["x_refsource_CONFIRM"],"url":"https://www.tenable.com/security/tns-2019-09"},{"name":"FEDORA-2020-1b95d7a131","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BNFMY5RRLU63P25HEBVDO5KAVI7TX7JV/"},{"name":"FEDORA-2020-46d0f456a9","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BBKVDUZ7G5ZOUO4BFJWLNJ6VOKBQJX5U/"},{"name":"FEDORA-2020-af82229ae5","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCSR3V6LNWJAD37VQB6M2K7P4RQSCVFG/"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security@debian.org","ID":"CVE-2019-3465","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Rob Richards XmlSecLibs","version":{"version_data":[{"version_value":"All versions prior to version 3.0.3"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Improper Verification of Cryptographic Signature"}]}]},"references":{"reference_data":[{"name":"[debian-lts-announce] 20191106 [SECURITY] [DLA 1983-1] simplesamlphp security update","refsource":"MLIST","url":"https://lists.debian.org/debian-lts-announce/2019/11/msg00003.html"},{"name":"20191106 [SECURITY] [DSA 4560-1] simplesamlphp security update","refsource":"BUGTRAQ","url":"https://seclists.org/bugtraq/2019/Nov/8"},{"name":"DSA-4560","refsource":"DEBIAN","url":"https://www.debian.org/security/2019/dsa-4560"},{"name":"https://github.com/robrichards/xmlseclibs/commit/0a53d3c3aa87564910cae4ed01416441d3ae0db5","refsource":"MISC","url":"https://github.com/robrichards/xmlseclibs/commit/0a53d3c3aa87564910cae4ed01416441d3ae0db5"},{"name":"https://simplesamlphp.org/security/201911-01","refsource":"MISC","url":"https://simplesamlphp.org/security/201911-01"},{"name":"FEDORA-2019-9a960c8a98","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AB34ILMJ67CUROBOR6YPKB46VHXLOAJ4/"},{"name":"FEDORA-2019-81f61cdceb","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MAWOVYLZKYDCQBLQEJCFAAD3KQTBPHXE/"},{"name":"FEDORA-2019-be01267416","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ESKJTWLE7QZBQ3EKMYXKMBQG3JDEJWM6/"},{"name":"FEDORA-2019-73d0fe1d15","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7KID7C4AZPYYIZQIPSLANP4R2RQR6YK3/"},{"name":"FEDORA-2019-dc90bf093b","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBSSRV5Q7JFCYO46A3EN624UZ4KXFQ2M/"},{"name":"FEDORA-2019-ec8719a21c","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HBE2SJSXG7J4XYLJ2H6HC2VPPOG2OMUN/"},{"name":"https://www.tenable.com/security/tns-2019-09","refsource":"CONFIRM","url":"https://www.tenable.com/security/tns-2019-09"},{"name":"FEDORA-2020-1b95d7a131","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BNFMY5RRLU63P25HEBVDO5KAVI7TX7JV/"},{"name":"FEDORA-2020-46d0f456a9","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BBKVDUZ7G5ZOUO4BFJWLNJ6VOKBQJX5U/"},{"name":"FEDORA-2020-af82229ae5","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCSR3V6LNWJAD37VQB6M2K7P4RQSCVFG/"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T19:12:09.411Z"},"title":"CVE Program Container","references":[{"name":"[debian-lts-announce] 20191106 [SECURITY] [DLA 1983-1] simplesamlphp security update","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2019/11/msg00003.html"},{"name":"20191106 [SECURITY] [DSA 4560-1] simplesamlphp security update","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"https://seclists.org/bugtraq/2019/Nov/8"},{"name":"DSA-4560","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"https://www.debian.org/security/2019/dsa-4560"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/robrichards/xmlseclibs/commit/0a53d3c3aa87564910cae4ed01416441d3ae0db5"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://simplesamlphp.org/security/201911-01"},{"name":"FEDORA-2019-9a960c8a98","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AB34ILMJ67CUROBOR6YPKB46VHXLOAJ4/"},{"name":"FEDORA-2019-81f61cdceb","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAWOVYLZKYDCQBLQEJCFAAD3KQTBPHXE/"},{"name":"FEDORA-2019-be01267416","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ESKJTWLE7QZBQ3EKMYXKMBQG3JDEJWM6/"},{"name":"FEDORA-2019-73d0fe1d15","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KID7C4AZPYYIZQIPSLANP4R2RQR6YK3/"},{"name":"FEDORA-2019-dc90bf093b","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XBSSRV5Q7JFCYO46A3EN624UZ4KXFQ2M/"},{"name":"FEDORA-2019-ec8719a21c","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HBE2SJSXG7J4XYLJ2H6HC2VPPOG2OMUN/"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://www.tenable.com/security/tns-2019-09"},{"name":"FEDORA-2020-1b95d7a131","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BNFMY5RRLU63P25HEBVDO5KAVI7TX7JV/"},{"name":"FEDORA-2020-46d0f456a9","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BBKVDUZ7G5ZOUO4BFJWLNJ6VOKBQJX5U/"},{"name":"FEDORA-2020-af82229ae5","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCSR3V6LNWJAD37VQB6M2K7P4RQSCVFG/"}]}]},"cveMetadata":{"assignerOrgId":"79363d38-fa19-49d1-9214-5f28da3f3ac5","assignerShortName":"debian","cveId":"CVE-2019-3465","datePublished":"2019-11-07T19:12:33.000Z","dateReserved":"2018-12-31T00:00:00.000Z","dateUpdated":"2024-08-04T19:12:09.411Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}