CVE-2013-6440

The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE declaration.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:internet2:opensaml:2.0:*:*:*:*:*:*:*
cpe:2.3:a:internet2:opensaml:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:internet2:opensaml:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:shibboleth:opensaml:*:*:*:*:*:*:*:*
cpe:2.3:a:shibboleth:opensaml:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:shibboleth:opensaml:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:shibboleth:opensaml:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:shibboleth:opensaml:2.4.3:*:*:*:*:*:*:*
cpe:2.3:a:shibboleth:opensaml:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:shibboleth:opensaml:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:shibboleth:opensaml:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:shibboleth:opensaml:2.5.3:*:*:*:*:*:*:*

History

07 Feb 2022, 16:15

Type Values Removed Values Added
References
  • (MISC) https://www.oracle.com/security-alerts/cpujan2022.html -

Information

Published : 2014-02-14 15:55

Updated : 2024-02-04 18:35


NVD link : CVE-2013-6440

Mitre link : CVE-2013-6440

CVE.ORG link : CVE-2013-6440


JSON object : View

Products Affected

shibboleth

  • opensaml

internet2

  • opensaml
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor