IBM Security Bulletin: Information disclosure in WebSphere Application Server Liberty (CVE-2013-6440)

WebSphere Application Server Liberty is subject to information disclosure through an XML external entity (XXE) vulnerability when the OpenSAML features are used.

CVE(s): CVE-2013-6440

Affected product(s) and affected version(s):

This vulnerability affects the following versions and releases of IBM WebSphere Application Server:

  • Liberty using samlWeb-2.0 feature
  • Liberty using wsSecuritySaml-1.1 feature
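
To check whether a Liberty server is in scope, its configuration can be scanned for the two features listed above. The following is an added example, not IBM's code: it assumes the usual server.xml layout with <featureManager>/<feature> elements, and the sample configurations and file names are constructed.

```python
import xml.etree.ElementTree as ET

# Feature names as listed in the bulletin, lower-cased so the comparison
# is case-insensitive (a precaution against differently cased entries).
AFFECTED = {"samlweb-2.0", "wssecuritysaml-1.1"}

def scan_server_xml(text):
    """Return (affected_features, include_locations) for one server.xml document."""
    # Assumption: a configuration file has no legitimate need for a DTD,
    # so refuse one instead of letting the parser see entity declarations.
    if "<!DOCTYPE" in text.upper():
        raise ValueError("DOCTYPE not allowed in configuration input")
    root = ET.fromstring(text)
    enabled = set()
    for manager in root.iter("featureManager"):
        for feature in manager.iter("feature"):
            name = (feature.text or "").strip().lower()
            if name:
                enabled.add(name)
    # Included files can enable features too; return them so they get scanned.
    includes = [i.get("location") for i in root.iter("include") if i.get("location")]
    return sorted(enabled & AFFECTED), includes

def scan_configs(configs):
    """Map each file name to the affected features it enables; omit clean files."""
    report = {}
    for name, text in configs.items():
        hits, _ = scan_server_xml(text)
        if hits:
            report[name] = hits
    return report

# Constructed sample configurations (not taken from the bulletin).
SAMPLE_CONFIGS = {
    "sso/server.xml": """<server description="constructed sample">
  <featureManager>
    <feature>servlet-3.1</feature>
    <feature> samlWeb-2.0 </feature>
  </featureManager>
  <include location="shared/ws.xml"/>
</server>""",
    "shared/ws.xml": """<server>
  <featureManager><feature>wsSecuritySaml-1.1</feature></featureManager>
</server>""",
    "plain/server.xml": "<server><featureManager><feature>jsp-2.3</feature></featureManager></server>",
}

if __name__ == "__main__":
    for path, hits in scan_configs(SAMPLE_CONFIGS).items():
        print(f"{path}: affected feature(s) enabled: {', '.join(hits)}")
```

A hit only shows that an affected feature is enabled; whether the installed level is fixed has to be determined from the source bulletin.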

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2zI8Yvd
X-Force Database: http://ift.tt/2hvl28Y

The post IBM Security Bulletin: Information disclosure in WebSphere Application Server Liberty (CVE-2013-6440) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2zGScwy