Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2009-2473HistoryAug 21, 2009 - 5:30 p.m.
CVE-2009-2473
2009-08-2117:30:00
Debian Security Bug Tracker
security-tracker.debian.org
17
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.003 Low
EPSS
Percentile
65.8%
neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | neon27 | <Â 0.32.5-1 | neon27_0.32.5-1_all.deb |
| Debian | 11 | all | neon27 | <Â 0.31.2-1 | neon27_0.31.2-1_all.deb |
| Debian | 10 | all | neon27 | <Â 0.30.2-3 | neon27_0.30.2-3_all.deb |
| Debian | 999 | all | neon27 | <Â 0.33.0-1.1 | neon27_0.33.0-1.1_all.deb |
| Debian | 13 | all | neon27 | <Â 0.33.0-1.1 | neon27_0.33.0-1.1_all.deb |
Related
ubuntucve
ubuntucve
prion
prion
Code injection
2009-08-21 17:30:00
Cross site scripting
2014-12-15 18:59:00
Code injection
2011-10-06 10:55:00
cve
cve
veracode
veracode
Denial Of Service (DoS)
2019-01-15 08:53:01
openvas
openvas
Mandrake Security Advisory MDVSA-2009:221 (libneon0.27)
2009-09-02 00:00:00
Mandrake Security Advisory MDVSA-2009:221 (libneon0.27)
2009-09-02 00:00:00
Fedora Core 10 FEDORA-2009-8794 (neon)
2009-09-02 00:00:00
securityvulns
securityvulns
[ MDVSA-2009:221 ] libneon0.27
2009-08-25 00:00:00
libneon certificate spoofing
2009-08-25 00:00:00
About the security content of Mac OS X v10.6.5 and Security Update 2010-007
2010-11-18 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : libneon0.27 (MDVSA-2009:221)
2009-08-25 00:00:00
Oracle Linux 5 : gnome-vfs2 (ELSA-2013-0131)
2013-07-12 00:00:00
RHEL 5 : gnome-vfs2 (RHSA-2013:0131)
2013-01-08 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package gnome-vfs version 1:2.24.3-alt2
2010-09-27 00:00:00
seebug
seebug
Neon XMLć楣解ććçťćĺĄćźć´
2009-08-26 00:00:00
redhat
redhat
(RHSA-2013:0131) Low: gnome-vfs2 security and bug fix update
2013-01-08 00:00:00
(RHSA-2008:0886) Important: libxml2 security update
2008-09-11 00:00:00
(RHSA-2009:1452) Moderate: neon security update
2009-09-21 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: neon-0.28.6-1.fc10
2009-08-20 20:59:38
[SECURITY] Fedora 11 Update: neon-0.28.6-1.fc11
2009-08-20 21:03:23
centos
centos
gnome security update
2013-01-09 19:45:49
libxml2 security update
2008-09-12 01:23:56
neon security update
2009-09-22 13:46:23
oraclelinux
oraclelinux
gnome-vfs2 security and bug fix update
2013-01-11 00:00:00
neon security update
2009-09-21 00:00:00
debiancve
debiancve
freebsd
freebsd
ejabberd -- remote denial of service vulnerability
2011-04-27 00:00:00
github
github
SnakeYAML Entity Expansion during load operation
2021-06-04 21:37:45
JBossWS vulnerable to uncontrolled recursion
2022-05-13 01:39:29
osv
osv
CVE-2017-18640
2019-12-12 03:15:10
JBossWS vulnerable to uncontrolled recursion
2022-05-13 01:39:29
SnakeYAML Entity Expansion during load operation
2021-06-04 21:37:45
redhatcve
redhatcve
CVE-2017-18640
2020-04-08 21:02:33
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.003 Low
EPSS
Percentile
65.8%
Related for DEBIANCVE:CVE-2009-2473