CVE-2016-10127
Published: 3 March 2017
PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response.
Priority
Low
CVSS 3 base score: 9.0
Status
| Package | Release | Status |
|---|---|---|
|
python-pysaml2 Launchpad, Ubuntu, Debian |
artful |
Ignored
(reached end-of-life)
|
| bionic |
Not vulnerable
|
|
| cosmic |
Not vulnerable
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(3.0.0-5)
|
|
| xenial |
Not vulnerable
|
|
| yakkety |
Ignored
(reached end-of-life)
|
|
| zesty |
Ignored
(reached end-of-life)
|
Notes
| Author | Note |
|---|---|
| mdeslaur | this is probably an issue in libxml2, not python-pysaml2 |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10127
- http://www.openwall.com/lists/oss-security/2017/01/10/6
- NVD
- Launchpad
- Debian