python-pysaml2 CVE-2016-10149 XML Entity Expansion Denial of Service Vulnerability

python-pysaml2 is prone to a denial-of-service vulnerability.

Attackers can exploit this issue to resource exhaustion and crash the affected application, denying service to legitimate users.

Information

Bugtraq ID: 97692
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2016-10149

Remote: Yes
Local: No
Published: Apr 12 2017 12:00AM
Updated: Apr 12 2017 12:00AM
Credit: FreedomCoder
Vulnerable: rohe pysaml2 0
Redhat OpenStack Platform 9.0
Redhat OpenStack Platform 8.0 (Liberty)
Redhat OpenStack Platform 10

Not Vulnerable:

References:

• Bug 1415710 - (CVE-2016-10149) CVE-2016-10149 python-pysaml2: Entity expansion i (Red Hat Bugzilla)
  
• Fix XXE in XML parsing (rohe)
  
• pysaml2 Product Page (rohe)
  

Source: www.securityfocus.com