Lucene search

[email protected]CVE-2014-1626

HistoryJan 26, 2014 - 1:55 a.m.

CVE-2014-1626

2014-01-2601:55:20

CWE-264

[email protected]

web.nvd.nist.gov

cve-2014-1626

xml external entity

xxe

marc::file::xml

vulnerability

perl

evergreen

koha

perl4lib

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

64.6%

JSON

XML External Entity (XXE) vulnerability in MARC::File::XML module before 1.0.2 for Perl, as used in Evergreen, Koha, perl4lib, and possibly other products, allows context-dependent attackers to read arbitrary files via a crafted XML file.

Affected configurations

NVD

Node

galen_charltonmarc-xmlRange≤1.0.1

galen_charltonmarc-xmlMatch1.0

CPENameOperatorVersion
galen_charlton:marc-xmlgalen charlton marc-xmlle1.0.1
galen_charlton:marc-xmlgalen charlton marc-xmleq1.0

CPE	Name	Operator	Version
galen_charlton:marc-xml	galen charlton marc-xml	le	1.0.1
galen_charlton:marc-xml	galen charlton marc-xml	eq	1.0

References

libmail.georgialibraries.org/pipermail/open-ils-general/2014-January/009442.html

lists.katipo.co.nz/pipermail/koha/2014-January/038430.html

osvdb.org/102367

secunia.com/advisories/55404

www.nntp.perl.org/group/perl.perl4lib/2014/01/msg3073.html

www.securityfocus.com/bid/65057

exchange.xforce.ibmcloud.com/vulnerabilities/90620

metacpan.org/source/GMCHARLT/MARC-XML-1.0.2/Changes

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

64.6%

JSON

Related for CVE-2014-1626

openvas4 fedora2 nvd1 nessus2 cvelist1 debiancve1 prion1 ubuntucve1