Skip to main content

Improper Handling of Exceptional Conditions

CVE-2011-4625

Severity High
Score 7.5/10

Summary

simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages.

  • LOW
  • NETWORK
  • HIGH
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • NONE

CWE-755 - Improper Handling of Exceptional Conditions

The software does not handle or incorrectly handles an exceptional condition.

References

Advisory Timeline

  • Published