QwikSec

Security Database

CVE

CWE

Training

CVE-2017-16852

Published: Nov 16, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka SSPCPP-763.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://bugs.debian.org/881857

x_refsource_CONFIRM

https://git.shibboleth.net/view/?p=cpp-sp.git%3Ba=commit%3Bh=b66cceb0e992c351ad5e2c665229ede82f261b16

x_refsource_CONFIRM

https://shibboleth.net/community/advisories/secadv_20171115.txt

x_refsource_CONFIRM

[debian-lts-announce] 20171118 [SECURITY] [DLA 1179-1] shibboleth-sp2 security update

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_DEBIAN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.