Regular Expression Denial of Service in SimpleSAMLphp by Lasso Inc.
CVE-2018-6519

7.5HIGH

Key Information:

Vendor: SimplesamlPHP
Status: Saml2
Vendor: CVE Published:; 2 February 2018

🔔 Create SimplesamlPHP Vulnerability Alert

What is CVE-2018-6519?

A vulnerable Regular Expression implementation in the SAML2 library versions prior to 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp can be exploited to trigger Denial of Service through specially crafted timestamp data. This could lead to unresponsive services, highlighting the need for immediate updates to affected versions to prevent exploitation.

References

https://simplesamlphp.org/security/201801-01

x_refsource_CONFIRM

https://www.debian.org/security/2018/dsa-4127

vendor-advisoryx_refsource_DEBIAN

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 2, 2018
Vulnerability Reserved
Feb 1, 2018

CVE-2018-6519 Data

JSON