Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2013-6440HistoryFeb 14, 2014 - 3:55 p.m.
CVE-2013-6440
2014-02-1415:55:00
Debian Security Bug Tracker
security-tracker.debian.org
14
EPSS
0.003
Percentile
67.8%
The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE declaration.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 9 | all | opensaml2 | < 2.6.0-4+deb9u1 | opensaml2_2.6.0-4+deb9u1_all.deb |
Related
ibm
ibm
cvelist
cvelist
CVE-2013-6440
2014-02-14 15:00:00
nvd
nvd
CVE-2013-6440
2014-02-14 15:55:05
github
github
Exposure of Sensitive Information to an Unauthorized Actor in OpenSAML
2022-05-13 01:04:00
osv
osv
Exposure of Sensitive Information to an Unauthorized Actor in OpenSAML
2022-05-13 01:04:00
prion
prion
Xxe
2014-02-14 15:55:00
cve
cve
CVE-2013-6440
2014-02-14 15:55:05
ubuntucve
ubuntucve
CVE-2013-6440
2014-02-14 00:00:00
redhat
redhat
veracode
veracode
Improper Access Control
2019-05-02 04:56:55
nessus
nessus
RHEL 6 : JBoss EAP (RHSA-2014:0171)
2014-02-14 00:00:00
RHEL 5 : JBoss EAP (RHSA-2014:0170)
2014-02-14 00:00:00