cve/2013/CVE-2013-6440.md
2024-06-09 00:33:16 +00:00

851 B

CVE-2013-6440

Description

The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE declaration.

POC

Reference

Github