CVE-2017-16853
PUBLISHED
The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka CPPOST-105.
EPSS 0.69% · 72.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | opensaml2 | 2.5.3-2.1ubuntu2, 2.5.5-1, 0 |
| Ubuntu:14.04:LTS | opensaml2 | 0, 2.5.3-2 |
Exploit Intelligence
- DSA-4039 (circl)
- https://bugs.debian.org/881856 (circl)
- 101898 (circl)
- https://git.shibboleth.net/view/?p=cpp-opensaml.git%3Ba=commit%3Bh=6182b0acf2df670e75423c2ed7afe6950ef11c9d (circl)
- https://shibboleth.net/community/advisories/secadv_20171115.txt (circl)
- [debian-lts-announce] 20171118 [SECURITY] [DLA 1178-1] opensaml2 security update (circl)
Timeline
- Nov 16, 2017 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-16853 third-party-advisory
- https://git.shibboleth.net/view/?p=cpp-opensaml.git;a=commit;h=6182b0acf2df670e75423c2ed7afe6950ef11c9d third-party-advisory
- https://shibboleth.net/community/advisories/secadv_20171115.txt third-party-advisory
- https://bugs.debian.org/881856 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-16853 third-party-advisory