shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka SSPCPP-763.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-11-16T17:00:00

Updated: 2024-08-05T20:35:21.217Z

Reserved: 2017-11-16T00:00:00

Link: CVE-2017-16852

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-11-16T17:29:00.450

Modified: 2024-11-21T03:17:06.087

Link: CVE-2017-16852

cve-icon Redhat

No data.