PT-2017-7752 · Pysaml2+1 · Pysaml2+1

Fruechel

·

Published

2017-01-12

·

Updated

2022-05-17

·

CVE-2016-10127

CVSS v4.0

9.4

Critical

VectorAV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions PySAML2 (affected versions not specified)
Description The issue allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-611

Related Identifiers

CVE-2016-10127
DSA-3759-1
GHSA-M269-WJ6G-C459
PYSEC-2017-67
SUSE-SU-2017:0569-1
SUSE-SU-2019:2671-1
SUSE-SU-2019:2867-1

Affected Products

Debian
Pysaml2