Lucene search

K
cloudfoundryCloud FoundryCFOUNDRY:DCC31D4961650B41BAF732BB0B28B011
HistoryJun 13, 2016 - 12:00 a.m.

USN-2994-1 libxml2 vulnerabilities | Cloud Foundry

2016-06-1300:00:00
Cloud Foundry
www.cloudfoundry.org
36

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.036 Low

EPSS

Percentile

91.6%

USN-2994-1 libxml2 vulnerabilities

Medium

Vendor

GNOME XML library, Canonical Ubuntu

Versions Affected

  • Canonical Ubuntu 14.04 LTS

Description

Multiple researchers discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. (CVE-2015-8806, CVE-2016-2073, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-1762, CVE-2016-1834, CVE-2016-1833, CVE-2016-1838, CVE-2016-1839, CVE-2016-1835, CVE-2016-1837, CVE-2016-1836, CVE-2016-1840, CVE-2016-4483)

It was discovered that libxml2 would load certain XML external entities. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly obtain access to arbitrary files or cause resource consumption. (CVE-2016-4449)

Affected Products and Versions

Severity is medium unless otherwise noted.

  • All versions of Cloud Foundry cflinuxfs2 prior to v.1.66.0

Mitigation

Users of affected versions should apply the following mitigation:

  • The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 v.1.66.0 or later versions

Credit

Gustavo Grieco, Mateusz Jurczyk, Wei Lei, Liu Yang

References

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.036 Low

EPSS

Percentile

91.6%