CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
83.6%
The DynamicMetadataProvider class in
saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in
OpenSAML before 2.6.1 fails to properly configure itself with the
MetadataFilter plugins and does not perform critical security checks such
as signature verification, enforcement of validity periods, and other
checks specific to deployments, aka CPPOST-105.
bugs.debian.org/881856
git.shibboleth.net/view/?p=cpp-opensaml.git;a=commit;h=6182b0acf2df670e75423c2ed7afe6950ef11c9d
launchpad.net/bugs/cve/CVE-2017-16853
nvd.nist.gov/vuln/detail/CVE-2017-16853
security-tracker.debian.org/tracker/CVE-2017-16853
shibboleth.net/community/advisories/secadv_20171115.txt
www.cve.org/CVERecord?id=CVE-2017-16853
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
83.6%