CVE-2013-6440
CVSS v2.0
5 (Medium)
EPSS
0.27 % (68th)
Affected Products
2
Advisories
1
The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE declaration.
Weaknesses
- CWE-200
- Exposure of Sensitive Information to an Unauthorized Actor
- CVE Status
- PUBLISHED
- CNA
- Red Hat, Inc.
- Published Date
-
2014-02-14 15:55:05
(10 years ago) - Updated Date
-
2022-02-07 16:15:12
(2 years ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...