CVE-2016-10149
Summary
| CVE | CVE-2016-10149 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2017-03-24 14:59:00 UTC |
|---|
| Updated | 2018-01-05 02:30:00 UTC |
|---|
| Description | XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| Fix XXE in XML parsing (related to #366) · rohe/pysaml2@6e09a25 · GitHub |
CONFIRM |
github.com |
Issue Tracking, Patch, Third Party Advisory |
| Debian -- Security Information -- DSA-3759-1 python-pysaml2 |
DEBIAN |
www.debian.org |
Third Party Advisory |
| Red Hat Customer Portal |
REDHAT |
access.redhat.com |
|
| PySAML vulnerable to XXE · Issue #366 · rohe/pysaml2 · GitHub |
MISC |
github.com |
Issue Tracking, Patch, Third Party Advisory |
| Red Hat Customer Portal |
REDHAT |
access.redhat.com |
|
| oss-security - Re: CVE request: python-pysaml2 XML external entity attack |
MLIST |
www.openwall.com |
Mailing List, Patch, Third Party Advisory |
| python-pysaml2 CVE-2016-10149 XML Entity Expansion Denial of Service Vulnerability |
BID |
www.securityfocus.com |
|
| #850716 - python-pysaml2: CVE-2016-10149 - Debian Bug report logs |
CONFIRM |
bugs.debian.org |
Issue Tracking, Patch, Third Party Advisory |
| Red Hat Customer Portal |
REDHAT |
access.redhat.com |
|
| Fix XXE in XML parsing (related to #366) by fruechel · Pull Request #379 · rohe/pysaml2 · GitHub |
CONFIRM |
github.com |
Issue Tracking, Patch, Third Party Advisory |
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 981143 Python (pip) Security Update for pysaml2 (GHSA-c2vx-49jm-h3f6)
