BSA-2017-470

Brocade Fabric OS

2 more products

21529

17 November 2017

17 November 2017

Closed

Medium

5.0

N/A

CVE-2013-6440

Summary

Security Advisory ID : BSA-2017-470

Component : Expand Entity References

Revision : 1.0: Interim

The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE declaration.

Affected Products

Brocade is investigating its product lines to determine which products may be affected by this vulnerability and the impact on each affected product.

Products Confirmed Not Vulnerable

Brocade Fabric OS is confirmed not affected by this vulnerability.

Workaround

There are no workarounds that address this vulnerability.

Revision History

Version Change Date
1.0 Initial Publication November 17, 2017