OpenSAML Metadata Configuration Flaw Exposes Security Risks
CVE-2017-16853

8.1HIGH

Key Information:

Vendor

Shibboleth

Status
Opensaml
Vendor
CVE Published:
16 November 2017

What is CVE-2017-16853?

The DynamicMetadataProvider class in OpenSAML prior to version 2.6.1 suffers from a critical configuration issue that prevents proper integration with MetadataFilter plugins. It lacks essential security checks, including signature verification and validity period enforcement, which are crucial for securing SAML-based interactions. This vulnerability, identified as CPPOST-105, can lead to unauthorized access and exploitation of security protocols, highlighting the importance of timely updates and configuration practices in SAML implementations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.debian.org/security/2017/dsa-4039
vendor-advisoryx_refsource_DEBIAN
https://bugs.debian.org/881856
x_refsource_CONFIRM
http://www.securityfocus.com/bid/101898
vdb-entryx_refsource_BID

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.