CVE-2019-9628

Published: Apr 11, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type.

Affected (7)

Products: Xmltooling Project: Xmltooling · Canonical: Ubuntu Linux · Opensuse: Leap

Xmltooling Project

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Xmltooling Project Xmltooling	Before 3.0.4

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 18.10

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 15.0
Opensuse Leap	Version 42.3

Related CWEs

Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

References (14)

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00079.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00095.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://bugs.launchpad.net/ubuntu/+source/xmltooling/+bug/1819912

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://security.netapp.com/advisory/ntap-20190611-0003/

Source: cve@mitre.org

Third Party Advisory

https://shibboleth.net/community/advisories/secadv_20190311.txt

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/3921-1/

Source: cve@mitre.org

Third Party Advisory

https://wiki.shibboleth.net/confluence/display/SP3/SecurityAdvisories

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00079.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00095.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://bugs.launchpad.net/ubuntu/+source/xmltooling/+bug/1819912

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://security.netapp.com/advisory/ntap-20190611-0003/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://shibboleth.net/community/advisories/secadv_20190311.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/3921-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://wiki.shibboleth.net/confluence/display/SP3/SecurityAdvisories

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.