BSA-2017-470
21529
17 November 2017
17 November 2017
Closed
Medium
5.0
N/A
CVE-2013-6440
Summary
Security Advisory ID : BSA-2017-470
Component : Expand Entity References
Revision : 1.0: Interim
The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE declaration.
Affected Products
Brocade is investigating its product lines to determine which products may be affected by this vulnerability and the impact on each affected product.
Products Confirmed Not Vulnerable
Brocade Fabric OS is confirmed not affected by this vulnerability.
Workaround
There are no workarounds that address this vulnerability.
Revision History
Version | Change | Date |
---|---|---|
1.0 | Initial Publication | November 17, 2017 |