what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2013-6440

Status Candidate

Overview

The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE declaration.

Related Files

Red Hat Security Advisory 2014-1995-01
Posted Dec 15, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1995-01 - Red Hat JBoss Fuse Service Works is the next-generation ESB and business process automation infrastructure. This roll up patch serves as a cumulative upgrade for Red Hat JBoss Fuse Service Works 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files. It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations content to be processed by an application using Xalan-Java could use this flaw to bypass the intended constraints of the secure processing feature. Depending on the components available in the classpath, this could lead to arbitrary remote code execution in the context of the application server running the application that uses Xalan-Java.

tags | advisory, java, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2013-6440, CVE-2014-0018, CVE-2014-0058, CVE-2014-0093, CVE-2014-0107
SHA-256 | 6f51d606ff7b3322c666a24390b0422e80a72849656f025ba3acfd45a4c38b2d
Red Hat Security Advisory 2014-1290-01
Posted Sep 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1290-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.0.3 serves as a replacement for Red Hat JBoss BRMS 6.0.2, and includes bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2013-6440, CVE-2014-0018, CVE-2014-0058, CVE-2014-0093, CVE-2014-0107
SHA-256 | 4f80131519fa532b2d939ededaed4995c7db19a53b730aec5e8cbebbbe84d586
Red Hat Security Advisory 2014-1291-01
Posted Sep 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1291-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.0.3 serves as a replacement for Red Hat JBoss BPM Suite 6.0.2, and includes bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2013-6440, CVE-2014-0018, CVE-2014-0058, CVE-2014-0093, CVE-2014-0107
SHA-256 | ba67e16970bb0a46123e301e1f81f50c25821c0c92da96b2a81c3531ecce7e24
Red Hat Security Advisory 2014-0452-01
Posted May 1, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0452-01 - Fuse ESB Enterprise is an integration platform based on Apache ServiceMix. Fuse MQ Enterprise, based on Apache ActiveMQ, is a standards-compliant messaging system that is tailored for use in mission critical applications. This release of Fuse ESB Enterprise/MQ Enterprise 7.1.0 R1 P3 is an update to Fuse ESB Enterprise 7.1.0 and Fuse MQ Enterprise 7.1.0. It includes various bug fixes, which are listed in the README file included with the patch files.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-6440, CVE-2013-7285, CVE-2014-0002, CVE-2014-0003, CVE-2014-0050
SHA-256 | 03f37430604f6239ba0ee36444a97249c1e5a6d314e1df68fde5bc819458ad41
Red Hat Security Advisory 2014-0195-01
Posted Feb 21, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0195-01 - Red Hat JBoss Portal is the open source implementation of the Java EE suite of services and Portal services running atop Red Hat JBoss Enterprise Application Platform. This Red Hat JBoss Portal 6.1.1 release serves as a replacement for 6.1.0.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2013-4517, CVE-2013-6440
SHA-256 | ad17b99c336d1d0ac63117515d8fb941efea61e47e0482fa54c72c275372cd9e
Red Hat Security Advisory 2014-0172-01
Posted Feb 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0172-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks. It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial of service.

tags | advisory, java, remote, denial of service, xxe
systems | linux, redhat
advisories | CVE-2013-4517, CVE-2013-6440, CVE-2014-0018
SHA-256 | 541f07157180c8db909f86a437b2213620a20031cbdccf831162fc96fb9d554f
Red Hat Security Advisory 2014-0171-01
Posted Feb 13, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0171-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks. It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial of service.

tags | advisory, java, remote, denial of service, xxe
systems | linux, redhat
advisories | CVE-2013-4517, CVE-2013-6440, CVE-2014-0018
SHA-256 | 6ea55d54a664d704b909d71fccb7a651a80a777a52a2c4bd5d51856a12b1f5a6
Red Hat Security Advisory 2014-0170-01
Posted Feb 13, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0170-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks. It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial of service.

tags | advisory, java, remote, denial of service, xxe
systems | linux, redhat
advisories | CVE-2013-4517, CVE-2013-6440, CVE-2014-0018
SHA-256 | 4a7a416e0f9b2d1408e2420c51fc4ae55f44ce58cef88c50b293d9afcf81cdca
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close