CVE-2013-6440
published 2014-02-14

Priority: P4 29
CVSS 2.0: 5 (medium), AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS: 2.75% (84.4th percentile)
The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE declaration.

Affected

12 ranges
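| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| internet2 | opensaml | | |
| internet2 | opensaml | | |
| internet2 | opensaml | | |
| shibboleth | opensaml | <= 2.6.0 | |
| shibboleth | opensaml | | |
| shibboleth | opensaml | | |
| shibboleth | opensaml | | |
| shibboleth | opensaml | | |
| shibboleth | opensaml | | |
| shibboleth | opensaml | | |
| shibboleth | opensaml | | |
| shibboleth | opensaml | | |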

CVSS provenance

nvd: v2.0, 5.0 MEDIUM, AV:N/AC:L/Au:N/C:P/I:N/A:N
vendor_redhat: 5.0 MEDIUM