Lucene search

CVE-2013-4202

🗓️ 16 Sep 2013 19:38:14Reported by redhatType

cve🔗 web.nvd.nist.gov👁 55 Views🌐 WEB

OpenStack Cinder Grizzly 2013.1.3 XEE attac

Reporter	Title	Published	Views	Family All 100
Github Security Blog	OpenStack Cinder Denial of Service using XML entities	14 May 202201:58	–	github
Github Security Blog	XML Entity Expansion (XEE) in Django	17 May 202205:09	–	github
Github Security Blog	OpenStack Compute (Nova) vulnerable to denial of service via XML Entity Expansion attack	17 May 202204:58	–	github
NVD	CVE-2013-4202	16 Sep 201319:14	–	nvd
NVD	CVE-2013-1664	3 Apr 201300:55	–	nvd
NVD	CVE-2013-4179	16 Sep 201319:14	–	nvd
NVD	CVE-2013-0279	3 Apr 201300:55	–	nvd
NVD	CVE-2013-0278	3 Apr 201300:55	–	nvd
NVD	CVE-2013-0280	3 Apr 201300:55	–	nvd
Debian CVE	CVE-2013-4202	16 Sep 201319:14	–	debiancve

Nvd

Node

openstack cinderRange2013.1–2013.1.3

Node

canonical ubuntu_linuxMatch13.04

Source	Link
rhn	www.rhn.redhat.com/errata/RHSA-2013-1198.html
ubuntu	www.ubuntu.com/usn/USN-2005-1
bugs	www.bugs.launchpad.net/ossa/+bug/1190229

Parameter	Position	Path	Description	CWE
XML payload	request body	api/contrib/backups.py	CWE-399 vulnerability allows attackers to exploit XML Entity Expansion leading to denial of service.	CWE-399
XML payload	request body	contrib/volume_transfer.py	CWE-399 vulnerability allows attackers to exploit XML Entity Expansion leading to denial of service.	CWE-399

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

16 Sep 2013 19:14Current

6.4Medium risk

Vulners AI Score6.4

CVSS24.3

EPSS0.03646

CWE-399