Описание
The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka CPPOST-105.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat JBoss Data Grid 6 | opensaml | Not affected | ||
| Red Hat JBoss Data Virtualization 6 | opensaml | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 6 | opensaml | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 7 | opensaml-core | Not affected | ||
| Red Hat JBoss Fuse Service Works 6 | opensaml | Not affected | ||
| Red Hat JBoss Operations Network 3 | opensaml | Not affected | ||
| Red Hat JBoss Portal 6 | opensaml | Not affected |
Показывать по
Дополнительная информация
Статус:
6.5 Medium
CVSS3
Связанные уязвимости
The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka CPPOST-105.
The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka CPPOST-105.
The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicM ...
6.5 Medium
CVSS3