QwikSec

Security Database

CVE

CWE

Training

CVE-2017-16853

Published: Nov 16, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka CPPOST-105.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_DEBIAN

https://bugs.debian.org/881856

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

https://git.shibboleth.net/view/?p=cpp-opensaml.git%3Ba=commit%3Bh=6182b0acf2df670e75423c2ed7afe6950ef11c9d

x_refsource_CONFIRM

https://shibboleth.net/community/advisories/secadv_20171115.txt

x_refsource_CONFIRM

[debian-lts-announce] 20171118 [SECURITY] [DLA 1178-1] opensaml2 security update

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.