
Rod Widdowson

Researcher at Steading System Software LLP
#16593 of 53,635
16.2 total CVSS
Vulnerabilities · 2
High
2
PT-2017-14597
8.1
2017-11-16
Shibboleth · Shibboleth Service Provider · CVE-2017-16852
**Name of the Vulnerable Software and Affected Versions** Shibboleth Service Provider versions prior to 2.6.1

**Description** The issue arises from the Dynamic MetadataProvider plugin in Shibboleth Service Provider, which fails to properly configure itself with the MetadataFilter plugins. This failure leads to the omission of critical security checks, including signature verification and enforcement of validity periods, among other deployment-specific checks.

**Recommendations** For versions prior to 2.6.1, update to version 2.6.1 or later to resolve the issue.

PT-2017-14598
8.1
2017-11-16
Shibboleth Consortium · Opensaml · CVE-2017-16853
**Name of the Vulnerable Software and Affected Versions** OpenSAML versions prior to 2.6.1

**Description** The issue arises from the DynamicMetadataProvider class in OpenSAML-C, which fails to properly configure itself with the MetadataFilter plugins. This failure leads to a lack of critical security checks, including signature verification and enforcement of validity periods. These checks are crucial for secure deployments.

**Recommendations** For versions prior to 2.6.1, update to version 2.6.1 or later to resolve the issue.