High severity8.1NVD Advisory· Published Nov 16, 2017· Updated May 13, 2026

CVE-2017-16853

Description

The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka CPPOST-105.

Affected products

Internet2/Opensaml
cpe:2.3:a:shibboleth:opensaml:*:*:*:*:*:*:*:*
Range: <2.6.1
Debian/Debian Linux2 versions
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/101898nvdThird Party AdvisoryVDB Entry
bugs.debian.org/881856nvdIssue TrackingThird Party Advisory
shibboleth.net/community/advisories/secadv_20171115.txtnvdIssue TrackingVendor Advisory
www.debian.org/security/2017/dsa-4039nvdIssue TrackingThird Party Advisory
lists.debian.org/debian-lts-announce/2017/11/msg00024.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.526
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000