CVE-2016-10149
python-pysaml2: Entity expansion issue
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response.
Vulnerabilidad de XXE en PySAML2 4.4.0 y versiones anteriores permite a atacantes remotos leer archivos arbitrarios a través de una solicitud o respuesta SAMPL XML manipulada.
An XML entity expansion vulnerability was found in python-pysaml2. A remote attacker could send a crafted request which would cause denial of service through resource exhaustion.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-01-19 CVE Reserved
- 2017-03-24 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-611: Improper Restriction of XML External Entity Reference
- CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/97692 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2017/01/19/5 | 2018-01-05 | |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850716 | 2018-01-05 | |
| https://github.com/rohe/pysaml2/commit/6e09a25d9b4b7aa7a506853210a9a14100b8bc9b | 2018-01-05 | |
| https://github.com/rohe/pysaml2/issues/366 | 2018-01-05 | |
| https://github.com/rohe/pysaml2/pull/379 | 2018-01-05 |
| URL | Date | SRC |
|---|---|---|
| http://www.debian.org/security/2017/dsa-3759 | 2018-01-05 | |
| https://access.redhat.com/errata/RHSA-2017:0936 | 2018-01-05 | |
| https://access.redhat.com/errata/RHSA-2017:0937 | 2018-01-05 | |
| https://access.redhat.com/errata/RHSA-2017:0938 | 2018-01-05 | |
| https://access.redhat.com/security/cve/CVE-2016-10149 | 2017-04-12 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1415710 | 2017-04-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Pysaml2 Project Search vendor "Pysaml2 Project" | Pysaml2 Search vendor "Pysaml2 Project" for product "Pysaml2" | <= 4.4.0 Search vendor "Pysaml2 Project" for product "Pysaml2" and version " <= 4.4.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||