
CVE-2019-3465: Signature validation bypass in XmlSecLibs

CVSS Score (v3.1): 8.8

Basic Information

EPSS Score: 0.87507%
Published: 11/8/2019
Updated: 2/6/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Package Name            Ecosystem   Vulnerable Versions   First Patched Version
robrichards/xmlseclibs  composer    >= 3.0.0, < 3.0.4     3.0.4
robrichards/xmlseclibs  composer    >= 1.0.0, < 2.1.1     2.1.1

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stemmed from improper handling of multiple SignedInfo/Reference elements in XML signatures. Commit 0a53d3c introduced two fixes: 1) it added checks for multiple SignedInfo elements in locateSignature and canonicalizeSignedInfo, and 2) it modified the XPath queries in getRefIDs and validateReference to explicitly select the first SignedInfo ([1]). These changes indicate that the original functions did not verify that a Signature contained a single SignedInfo, so an attacker could craft XML with multiple SignedInfo blocks to bypass signature checks. The high confidence comes from the direct correlation between the patch's logic and the CVE description of a signature validation bypass.
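The check the patch adds, as an added example written for this page (not xmlseclibs code): a ds:Signature must carry exactly one ds:SignedInfo, and Reference lookups are scoped to that element instead of to any SignedInfo found under the Signature. The sample documents and the function names are constructed for illustration; the loose lookup is shown only so the two behaviours can be compared.

```python
# Added example (not xmlseclibs code): a pre-check that mirrors the fix described
# above. A ds:Signature must carry exactly one ds:SignedInfo, and Reference
# lookups are scoped to that element instead of to any SignedInfo under it.
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"

def q(tag):
    """Clark-notation name for an XML-DSig element."""
    return "{%s}%s" % (DS, tag)

def find_signature(xml_text):
    """Locate the first ds:Signature element (the role of locateSignature)."""
    root = ET.fromstring(xml_text)
    sig = root if root.tag == q("Signature") else root.find(".//" + q("Signature"))
    if sig is None:
        raise ValueError("no ds:Signature element")
    return sig

def loose_reference_uris(xml_text):
    """Pre-fix style lookup: collect References from every SignedInfo below the
    Signature, so a second SignedInfo silently contributes its own References."""
    sig = find_signature(xml_text)
    path = ".//" + q("SignedInfo") + "/" + q("Reference")
    return [r.get("URI") for r in sig.iterfind(path)]

def validate(xml_text):
    """Post-fix style: refuse an ambiguous document, then read References only
    from the single SignedInfo. Returns ("ok", uris) or ("rejected", reason)."""
    sig = find_signature(xml_text)
    signed_infos = sig.findall(q("SignedInfo"))  # direct children only
    if len(signed_infos) != 1:
        return "rejected", "expected exactly one SignedInfo, found %d" % len(signed_infos)
    return "ok", [r.get("URI") for r in signed_infos[0].findall(q("Reference"))]

# Constructed samples: a normal signature, and one whose Signature carries a
# second SignedInfo block, the shape the root-cause analysis above describes.
SAMPLE_OK = """<Response xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="r1">
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#r1"/></ds:SignedInfo>
  <ds:SignatureValue>QUJD</ds:SignatureValue></ds:Signature></Response>"""

SAMPLE_TWO_SIGNEDINFO = """<Response xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="r1">
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#r1"/></ds:SignedInfo>
  <ds:SignedInfo><ds:Reference URI="#r2"/></ds:SignedInfo>
  <ds:SignatureValue>QUJD</ds:SignatureValue></ds:Signature></Response>"""
```

On the two-SignedInfo sample the loose lookup returns both URIs while validate() rejects the document outright, which is the behaviour the patched locateSignature/canonicalizeSignedInfo checks enforce.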


WAF Protection Rules

WAF Rule

Rob Richards XmlSecLibs, all versions prior to v3.0.4, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by
