exploitDog

CVE-2016-10149

Published: 31 Oct 2016
Source: redhat
CVSS3: 5.3
EPSS: Low

Description

XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response.

An XML entity expansion vulnerability was found in python-pysaml2. A remote attacker could send a crafted request which would cause denial of service through resource exhaustion.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) | python-pysaml2 | Will not fix | | |
| Red Hat OpenStack Platform 11 (Ocata) | python-pysaml2 | Not affected | | |
| Red Hat OpenStack Platform 10.0 (Newton) | python-defusedxml | Fixed | RHSA-2017:0938 | 12.04.2017 |
| Red Hat OpenStack Platform 10.0 (Newton) | python-pysaml2 | Fixed | RHSA-2017:0938 | 12.04.2017 |
| Red Hat OpenStack Platform 8.0 (Liberty) | python-defusedxml | Fixed | RHSA-2017:0936 | 12.04.2017 |
| Red Hat OpenStack Platform 8.0 (Liberty) | python-pysaml2 | Fixed | RHSA-2017:0936 | 12.04.2017 |
| Red Hat OpenStack Platform 9.0 (Mitaka) | python-defusedxml | Fixed | RHSA-2017:0937 | 12.04.2017 |
| Red Hat OpenStack Platform 9.0 (Mitaka) | python-pysaml2 | Fixed | RHSA-2017:0937 | 12.04.2017 |

Additional information

Status: Moderate
Defect: CWE-776
https://bugzilla.redhat.com/show_bug.cgi?id=1415710 python-pysaml2: Entity expansion issue

EPSS

Percentile: 79%
0.0131
Low

5.3 Medium

CVSS3

Related vulnerabilities

CVSS3: 7.5
ubuntu
almost 9 years ago

XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response.

CVSS3: 7.5
nvd
almost 9 years ago

XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response.

CVSS3: 7.5
debian
almost 9 years ago

XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier a ...

CVSS3: 7.5
github
more than 7 years ago

Pysaml2 does not sanitize XML responses
