CVE-2016-10149 - XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read

CVE-2016-10149

Summary

XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response.

References

Vulnerable Configurations

cpe:2.3:a:pysaml2_project:pysaml2:-:*:*:*:*:*:*:*
cpe:2.3:a:pysaml2_project:pysaml2:-:*:*:*:*:*:*:*
cpe:2.3:a:pysaml2_project:pysaml2:0.1:*:*:*:*:*:*:*
cpe:2.3:a:pysaml2_project:pysaml2:0.1:*:*:*:*:*:*:*
cpe:2.3:a:pysaml2_project:pysaml2:0.2:*:*:*:*:*:*:*
cpe:2.3:a:pysaml2_project:pysaml2:0.2:*:*:*:*:*:*:*
cpe:2.3:a:pysaml2_project:pysaml2:0.4:*:*:*:*:*:*:*
cpe:2.3:a:pysaml2_project:pysaml2:0.4:*:*:*:*:*:*:*
cpe:2.3:a:pysaml2_project:pysaml2:0.4.1:*:*:*:*:*:*:*
cpe:2.3:a:pysaml2_project:pysaml2:0.4.1:*:*:*:*:*:*:*
cpe:2.3:a:pysaml2_project:pysaml2:0.4.2:*:*:*:*:*:*:*
cpe:2.3:a:pysaml2_project:pysaml2:0.4.2:*:*:*:*:*:*:*
cpe:2.3:a:pysaml2_project:pysaml2:0.4.3:*:*:*:*:*:*:*
cpe:2.3:a:pysaml2_project:pysaml2:0.4.3:*:*:*:*:*:*:*
cpe:2.3:a:pysaml2_project:pysaml2:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:pysaml2_project:pysaml2:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:pysaml2_project:pysaml2:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:pysaml2_project:pysaml2:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:pysaml2_project:pysaml2:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:pysaml2_project:pysaml2:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:pysaml2_project:pysaml2:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:pysaml2_project:pysaml2:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:pysaml2_project:pysaml2:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:pysaml2_project:pysaml2:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:pysaml2_project:pysaml2:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:pysaml2_project:pysaml2:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:pysaml2_project:pysaml2:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:pysaml2_project:pysaml2:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:pysaml2_project:pysaml2:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:pysaml2_project:pysaml2:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:pysaml2_project:pysaml2:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:pysaml2_project:pysaml2:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:pysaml2_project:pysaml2:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:pysaml2_project:pysaml2:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:pysaml2_project:pysaml2:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:pysaml2_project:pysaml2:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:pysaml2_project:pysaml2:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:pysaml2_project:pysaml2:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:pysaml2_project:pysaml2:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:pysaml2_project:pysaml2:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:pysaml2_project:pysaml2:4.3.0:*:*:*:*:*:*:*
cpe:2.3:a:pysaml2_project:pysaml2:4.3.0:*:*:*:*:*:*:*
cpe:2.3:a:pysaml2_project:pysaml2:4.4.0:*:*:*:*:*:*:*
cpe:2.3:a:pysaml2_project:pysaml2:4.4.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 05-01-2018 - 02:30)
Impact:
Exploitability:

CWE

CWE-611

CAPEC

XML External Entities Blowup
This attack takes advantage of the entity replacement property of XML where the value of the replacement is a URI. A well-crafted XML document could have the entity refer to a URI that consumes a large amount of resources to create a denial of service condition. This can cause the system to either freeze, crash, or execute arbitrary code depending on the URI.

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

redhat via4

advisories

rhsa
id RHSA-2017:0936
rhsa
id RHSA-2017:0937
rhsa
id RHSA-2017:0938

rpms

python-defusedxml-0:0.5.0-1.el7ost
python-pysaml2-0:3.0.2-3.el7ost
python-defusedxml-0:0.5.0-1.el7ost
python-pysaml2-0:3.0.2-3.el7ost
python-defusedxml-0:0.5.0-1.el7ost
python-pysaml2-0:3.0.2-3.el7ost

refmap via4

bid	97692
confirm	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850716 https://github.com/rohe/pysaml2/commit/6e09a25d9b4b7aa7a506853210a9a14100b8bc9b https://github.com/rohe/pysaml2/pull/379
debian	DSA-3759
misc	https://github.com/rohe/pysaml2/issues/366
mlist	[oss-security] 20170119 Re: CVE request: python-pysaml2 XML external entity attack

Last major update

05-01-2018 - 02:30

Published

24-03-2017 - 14:59

Last modified

05-01-2018 - 02:30