CVE-2017-16853

Опубликовано: 16 нояб. 2017

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 6.8

CVSS3: 8.1

Описание

The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka CPPOST-105.

Релиз	Статус	Примечание
artful	released	2.6.0-4+deb9u1build0.17.10.1
bionic	not-affected	2.6.1-1
cosmic	not-affected	2.6.1-1
devel	not-affected	2.6.1-1
esm-apps/bionic	not-affected	2.6.1-1
esm-apps/xenial	released	2.5.5-1ubuntu0.1
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was released [2.5.3-2+deb8u2build0.14.04.1]]
precise/esm	DNE
trusty	released	2.5.3-2+deb8u2build0.14.04.1
trusty/esm	DNE	trusty was released [2.5.3-2+deb8u2build0.14.04.1]

Показывать по

Ссылки на источники

EPSS

Процентиль: 71%

0.00694

Низкий

6.8 Medium

CVSS2

8.1 High

CVSS3

Связанные уязвимости

CVE-2017-16853

CVSS3: 6.5

redhat

около 8 лет назад

CVE-2017-16853

CVSS3: 8.1

nvd

около 8 лет назад

CVE-2017-16853

CVSS3: 8.1

debian

около 8 лет назад

The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicM ...

openSUSE-SU-2017:3241-1

suse-cvrf

около 8 лет назад

Security update for opensaml

SUSE-SU-2017:3234-1

suse-cvrf

около 8 лет назад

Security update for opensaml

EPSS

Процентиль: 71%

0.00694

Низкий

6.8 Medium

CVSS2

8.1 High

CVSS3

CVE-2017-16853

Описание

Пакет opensaml2

Ссылки на источники

Связанные уязвимости