Back to bug 1043332
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| David Jorm | 2013-12-16 01:56:49 UTC | CC | weli | |
| David Jorm | 2013-12-16 01:59:56 UTC | Blocks | 1043333 | |
| Arun Babu Neelicattu | 2013-12-16 04:03:02 UTC | CC | aneelica | |
| David Jorm | 2013-12-20 05:36:15 UTC | Whiteboard | impact=moderate,public=20131211,reported=20131211,source=internet,cvss2=5/AV:N/AC:L/Au:N/C:P/I:N/A:N,jboss/unknown=new | impact=moderate,public=20131211,reported=20131211,source=internet,cvss2=5/AV:N/AC:L/Au:N/C:P/I:N/A:N,eap-6/opensaml=affected,eap-5/opensaml=wontfix,jpp-6/opensaml=affected,jpp-5/opensaml=wontfix,jon-3/opensaml=notaffected,jboss/fuse-6.0=affected,jboss/fuse-esb-7.1=affected,jboss/fuse-others=wontfix |
| David Jorm | 2013-12-20 05:41:23 UTC | Whiteboard | impact=moderate,public=20131211,reported=20131211,source=internet,cvss2=5/AV:N/AC:L/Au:N/C:P/I:N/A:N,eap-6/opensaml=affected,eap-5/opensaml=wontfix,jpp-6/opensaml=affected,jpp-5/opensaml=wontfix,jon-3/opensaml=notaffected,jboss/fuse-6.0=affected,jboss/fuse-esb-7.1=affected,jboss/fuse-others=wontfix | impact=moderate,public=20131211,reported=20131211,source=internet,cvss2=5/AV:N/AC:L/Au:N/C:P/I:N/A:N,eap-6/opensaml=affected,eap-5/opensaml=wontfix,jpp-6/opensaml=affected,epp-5/opensaml=wontfix,jon-3/opensaml=notaffected,jboss/fuse-6.0=affected,jboss/fuse-esb-7.1=affected,jboss/fuse-others=wontfix |
| David Jorm | 2013-12-20 05:42:15 UTC | Depends On | 1045295 | |
| David Jorm | 2013-12-20 05:42:50 UTC | Depends On | 1045296 | |
| David Jorm | 2013-12-20 05:43:12 UTC | Depends On | 1045297 | |
| David Jorm | 2013-12-20 05:43:34 UTC | Depends On | 1045298 | |
| Arun Babu Neelicattu | 2014-01-09 05:44:03 UTC | Summary | CVE-2013-6440 OpenSAML: XML eXternal Entity (XXE) flaw in ParserPool and Decrypter | CVE-2013-6440 XMLTooling-J/OpenSAML for Java: XML eXternal Entity (XXE) flaw in ParserPool and Decrypter |
| Arun Babu Neelicattu | 2014-01-09 05:45:40 UTC | Summary | CVE-2013-6440 XMLTooling-J/OpenSAML for Java: XML eXternal Entity (XXE) flaw in ParserPool and Decrypter | CVE-2013-6440 XMLTooling-J/OpenSAML Java: XML eXternal Entity (XXE) flaw in ParserPool and Decrypter |
| Arun Babu Neelicattu | 2014-01-10 02:20:26 UTC | Whiteboard | impact=moderate,public=20131211,reported=20131211,source=internet,cvss2=5/AV:N/AC:L/Au:N/C:P/I:N/A:N,eap-6/opensaml=affected,eap-5/opensaml=wontfix,jpp-6/opensaml=affected,epp-5/opensaml=wontfix,jon-3/opensaml=notaffected,jboss/fuse-6.0=affected,jboss/fuse-esb-7.1=affected,jboss/fuse-others=wontfix | impact=moderate,public=20131211,reported=20131211,source=internet,cvss2=5/AV:N/AC:L/Au:N/C:P/I:N/A:N,eap-6/xmltooling=affected,eap-5/xmltooling=wontfix,jpp-6/xmltooling=affected,epp-5/xmltooling=wontfix,jon-3/xmltooling=notaffected,jboss/fuse-6.0=affected,fsw-6/xmltooling=affected,brms-6/xmltooling=affected,jdv-6/xmltooling=notaffected,bpms-6/xmltooling=affected,jboss/fuse-esb-7.1=affected,jboss/fuse-others=wontfix |
| Arun Babu Neelicattu | 2014-01-10 02:21:25 UTC | CC | anil.saldhana, asantos, bdawidow, epp-bugs, fnasser, hfnukal, huwang, jcoleman, jpallich, lgao, myarboro, pcheung, rhq-maint, spinder, theute | |
| Arun Babu Neelicattu | 2014-01-10 02:55:19 UTC | Depends On | 1051300 | |
| Arun Babu Neelicattu | 2014-01-10 02:56:55 UTC | Depends On | 1051301 | |
| Arun Babu Neelicattu | 2014-01-10 02:57:06 UTC | Depends On | 1051302 | |
| David Jorm | 2014-01-15 14:15:48 UTC | Blocks | 1050810 | |
| David Jorm | 2014-01-21 04:28:32 UTC | Blocks | 1055846 | |
| Chess Hazlett | 2014-01-23 22:48:15 UTC | CC | chazlett | |
| Chess Hazlett | 2014-01-28 20:05:16 UTC | Blocks | 1058944 | |
| Carlo de Wolf | 2014-03-12 08:46:27 UTC | Depends On | 1075468 | |
| Chess Hazlett | 2014-04-25 18:05:56 UTC | Blocks | 1059445 | |
| Chess Hazlett | 2014-07-01 21:46:03 UTC | Blocks | 1059445 | |
| Pavel Polischouk | 2014-07-09 23:34:27 UTC | CC | pavelp | |
| Pavel Polischouk | 2014-09-15 23:40:55 UTC | Blocks | 1141957 | |
| Martin Prpič | 2014-09-19 10:24:46 UTC | Doc Text | It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity (XXE) attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks. | |
| Pavel Polischouk | 2014-09-22 18:18:47 UTC | Blocks | 1145284 | |
| John Skeoch | 2014-10-21 00:07:51 UTC | CC | mjc | |
| Pavel Polischouk | 2014-10-30 22:03:51 UTC | Blocks | 1159080 | |
| Ján Rusnačko | 2014-11-26 13:19:47 UTC | CC | jrusnack | |
| Ján Rusnačko | 2014-11-26 13:19:47 UTC | Whiteboard | impact=moderate,public=20131211,reported=20131211,source=internet,cvss2=5/AV:N/AC:L/Au:N/C:P/I:N/A:N,eap-6/xmltooling=affected,eap-5/xmltooling=wontfix,jpp-6/xmltooling=affected,epp-5/xmltooling=wontfix,jon-3/xmltooling=notaffected,jboss/fuse-6.0=affected,fsw-6/xmltooling=affected,brms-6/xmltooling=affected,jdv-6/xmltooling=notaffected,bpms-6/xmltooling=affected,jboss/fuse-esb-7.1=affected,jboss/fuse-others=wontfix | impact=moderate,public=20131211,reported=20131211,source=internet,cvss2=5/AV:N/AC:L/Au:N/C:P/I:N/A:N,eap-6/xmltooling=affected,eap-5/xmltooling=wontfix,jpp-6/xmltooling=affected,epp-5/xmltooling=wontfix,jon-3/xmltooling=notaffected,jboss/fuse-6.0=affected,fsw-6/xmltooling=affected,brms-6/xmltooling=affected,jdv-6/xmltooling=notaffected,bpms-6/xmltooling=affected,jboss/fuse-esb-7.1=affected,jboss/fuse-others=wontfix,cwe=CWE-611 |
| Chess Hazlett | 2014-12-15 21:15:33 UTC | Status | NEW | CLOSED |
| Chess Hazlett | 2014-12-15 21:15:33 UTC | Resolution | --- | ERRATA |
| Chess Hazlett | 2014-12-15 21:15:33 UTC | Last Closed | 2014-12-15 16:15:33 UTC | |
| Andrej Nemec | 2016-02-15 13:35:35 UTC | Whiteboard | impact=moderate,public=20131211,reported=20131211,source=internet,cvss2=5/AV:N/AC:L/Au:N/C:P/I:N/A:N,eap-6/xmltooling=affected,eap-5/xmltooling=wontfix,jpp-6/xmltooling=affected,epp-5/xmltooling=wontfix,jon-3/xmltooling=notaffected,jboss/fuse-6.0=affected,fsw-6/xmltooling=affected,brms-6/xmltooling=affected,jdv-6/xmltooling=notaffected,bpms-6/xmltooling=affected,jboss/fuse-esb-7.1=affected,jboss/fuse-others=wontfix,cwe=CWE-611 | impact=moderate,public=20131211,reported=20131211,source=upstream,cvss2=5/AV:N/AC:L/Au:N/C:P/I:N/A:N,cwe=CWE-611,eap-6/xmltooling=affected,eap-5/xmltooling=wontfix,jpp-6/xmltooling=affected,epp-5/xmltooling=wontfix,jon-3/xmltooling=notaffected,jboss/fuse-6.0=affected,fsw-6/xmltooling=affected,brms-6/xmltooling=affected,jdv-6/xmltooling=notaffected,bpms-6/xmltooling=affected,jboss/fuse-esb-7.1=affected,jboss/fuse-others=wontfix |
| Product Security DevOps Team | 2019-09-29 13:11:26 UTC | Whiteboard | impact=moderate,public=20131211,reported=20131211,source=upstream,cvss2=5/AV:N/AC:L/Au:N/C:P/I:N/A:N,cwe=CWE-611,eap-6/xmltooling=affected,eap-5/xmltooling=wontfix,jpp-6/xmltooling=affected,epp-5/xmltooling=wontfix,jon-3/xmltooling=notaffected,jboss/fuse-6.0=affected,fsw-6/xmltooling=affected,brms-6/xmltooling=affected,jdv-6/xmltooling=notaffected,bpms-6/xmltooling=affected,jboss/fuse-esb-7.1=affected,jboss/fuse-others=wontfix | |
| Ondrej Soukup | 2021-08-11 12:42:42 UTC | CC | osoukup | |