[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

DSA-4038-1 shibboleth-sp2 -- shibboleth-sp2

ID: oval:org.secpod.oval:def:603176Date: (C)2017-12-08   (M)2023-12-20
Class: PATCHFamily: unix




Rod Widdowson of Steading System Software LLP discovered a coding error in the "Dynamic" metadata plugin of the Shibboleth Service Provider, causing the plugin to fail configuring itself with the filters provided and omitting whatever checks they are intended to perform.

Platform:
Debian 8.x
Debian 9.x
Product:
shibboleth-sp2
libshibsp-doc
libshibsp6
libshibsp7
libapache2-mod-shib2
libshibsp-plugins
libshibsp-dev
Reference:
DSA-4038-1
CVE-2017-16852
CVE    1
CVE-2017-16852
CPE    6
cpe:/o:debian:debian_linux:9.0
cpe:/o:debian:debian_linux:8.x
cpe:/a:shibboleth:libshibsp6
cpe:/o:debian:debian_linux:9.x
...

© SecPod Technologies