The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE declaration.
References
Configurations
Configuration 1 (hide)
|
History
07 Feb 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2014-02-14 15:55
Updated : 2024-02-04 18:35
NVD link : CVE-2013-6440
Mitre link : CVE-2013-6440
CVE.ORG link : CVE-2013-6440
JSON object : View
Products Affected
shibboleth
- opensaml
internet2
- opensaml
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor