CVE-2013-6440

Java: XML eXternal Entity (XXE) flaw in ParserPool and Decrypter

Severity Score

5.3

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE declaration.

(1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter y (4) SAML Decrypter en Shibboleth OpenSAML-Java anterior a 2.6.1 establece la propiedad expandEntityReferences como "true", lo que permite a atacantes remotos realizar ataques de entidad externa XML (XXE) a través de una declaración XML DOCTYPE manipulada.

It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity (XXE) attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.

Red Hat JBoss Fuse Service Works is the next-generation ESB and business process automation infrastructure. This roll up patch serves as a cumulative upgrade for Red Hat JBoss Fuse Service Works 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files. It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations content to be processed by an application using Xalan-Java could use this flaw to bypass the intended constraints of the secure processing feature. Depending on the components available in the classpath, this could lead to arbitrary remote code execution in the context of the application server running the application that uses Xalan-Java.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-11-04 CVE Reserved
2014-02-13 CVE Published
2024-08-06 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-611: Improper Restriction of XML External Entity Reference

CAPEC

References (9)

URL	Tag	Source
http://blog.sendsafely.com/post/69590974866/web-based-single-sign-on-and-the-dangers-of-saml-xml	X_refsource_misc
http://shibboleth.net/community/advisories/secadv_20131213.txt	X_refsource_confirm
https://www.oracle.com/security-alerts/cpujan2022.html	X_refsource_misc

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://rhn.redhat.com/errata/RHSA-2014-0170.html	2022-02-07
http://rhn.redhat.com/errata/RHSA-2014-0171.html	2022-02-07
http://rhn.redhat.com/errata/RHSA-2014-0172.html	2022-02-07
http://rhn.redhat.com/errata/RHSA-2014-0195.html	2022-02-07
https://bugzilla.redhat.com/show_bug.cgi?id=1043332	2014-12-15
https://access.redhat.com/security/cve/CVE-2013-6440	2014-12-15

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Internet2 Search vendor "Internet2"		Opensaml Search vendor "Internet2" for product "Opensaml"				2.0 Search vendor "Internet2" for product "Opensaml" and version "2.0"		-		Affected
Internet2 Search vendor "Internet2"		Opensaml Search vendor "Internet2" for product "Opensaml"				2.1.0 Search vendor "Internet2" for product "Opensaml" and version "2.1.0"		-		Affected
Internet2 Search vendor "Internet2"		Opensaml Search vendor "Internet2" for product "Opensaml"				2.2.0 Search vendor "Internet2" for product "Opensaml" and version "2.2.0"		-		Affected
Shibboleth Search vendor "Shibboleth"		Opensaml Search vendor "Shibboleth" for product "Opensaml"				<= 2.6.0 Search vendor "Shibboleth" for product "Opensaml" and version " <= 2.6.0"		-		Affected
Shibboleth Search vendor "Shibboleth"		Opensaml Search vendor "Shibboleth" for product "Opensaml"				2.4.0 Search vendor "Shibboleth" for product "Opensaml" and version "2.4.0"		-		Affected
Shibboleth Search vendor "Shibboleth"		Opensaml Search vendor "Shibboleth" for product "Opensaml"				2.4.1 Search vendor "Shibboleth" for product "Opensaml" and version "2.4.1"		-		Affected
Shibboleth Search vendor "Shibboleth"		Opensaml Search vendor "Shibboleth" for product "Opensaml"				2.4.2 Search vendor "Shibboleth" for product "Opensaml" and version "2.4.2"		-		Affected
Shibboleth Search vendor "Shibboleth"		Opensaml Search vendor "Shibboleth" for product "Opensaml"				2.4.3 Search vendor "Shibboleth" for product "Opensaml" and version "2.4.3"		-		Affected
Shibboleth Search vendor "Shibboleth"		Opensaml Search vendor "Shibboleth" for product "Opensaml"				2.5.0 Search vendor "Shibboleth" for product "Opensaml" and version "2.5.0"		-		Affected
Shibboleth Search vendor "Shibboleth"		Opensaml Search vendor "Shibboleth" for product "Opensaml"				2.5.1 Search vendor "Shibboleth" for product "Opensaml" and version "2.5.1"		-		Affected
Shibboleth Search vendor "Shibboleth"		Opensaml Search vendor "Shibboleth" for product "Opensaml"				2.5.2 Search vendor "Shibboleth" for product "Opensaml" and version "2.5.2"		-		Affected
Shibboleth Search vendor "Shibboleth"		Opensaml Search vendor "Shibboleth" for product "Opensaml"				2.5.3 Search vendor "Shibboleth" for product "Opensaml" and version "2.5.3"		-		Affected