Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2013-1665HistoryApr 03, 2013 - 12:55 a.m.
CVE-2013-1665
2013-04-0300:55:00
Debian Security Bug Tracker
security-tracker.debian.org
10
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
68.5%
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | keystone | < 2012.1.1-13 | keystone_2012.1.1-13_all.deb |
| Debian | 11 | all | keystone | < 2012.1.1-13 | keystone_2012.1.1-13_all.deb |
| Debian | 10 | all | keystone | < 2012.1.1-13 | keystone_2012.1.1-13_all.deb |
| Debian | 999 | all | keystone | < 2012.1.1-13 | keystone_2012.1.1-13_all.deb |
| Debian | 13 | all | keystone | < 2012.1.1-13 | keystone_2012.1.1-13_all.deb |
| Debian | 12 | all | python-django | < 1.4.4-1 | python-django_1.4.4-1_all.deb |
| Debian | 11 | all | python-django | < 1.4.4-1 | python-django_1.4.4-1_all.deb |
| Debian | 10 | all | python-django | < 1.4.4-1 | python-django_1.4.4-1_all.deb |
| Debian | 999 | all | python-django | < 1.4.4-1 | python-django_1.4.4-1_all.deb |
| Debian | 13 | all | python-django | < 1.4.4-1 | python-django_1.4.4-1_all.deb |
Related
prion
prion
ubuntucve
ubuntucve
CVE-2013-1665
2013-02-19 00:00:00
cve
cve
redhat
redhat
veracode
veracode
XML External Entity (XXE)
2019-05-02 04:44:12
Denial Of Service (DoS)
2019-05-02 04:48:39
Denial Of Service (DoS)
2019-05-02 04:48:40
nessus
nessus
Ubuntu 12.04 LTS / 12.10 : keystone vulnerabilities (USN-1730-1)
2013-02-21 00:00:00
Fedora 18 : openstack-keystone-2012.2.3-3.fc18 (2013-2916)
2013-03-05 00:00:00
Debian DSA-2634-1 : python-django - several vulnerabilities
2013-02-27 00:00:00
ubuntu
ubuntu
OpenStack Keystone vulnerabilities
2013-02-20 00:00:00
Django vulnerabilities
2013-03-07 00:00:00
openvas
openvas
Ubuntu Update for keystone USN-1730-1
2013-02-22 00:00:00
Ubuntu: Security Advisory (USN-1730-1)
2013-02-22 00:00:00
Debian: Security Advisory (DSA-2634-1)
2013-02-26 00:00:00
securityvulns
securityvulns
[USN-1730-1] OpenStack Keystone vulnerabilities
2013-02-24 00:00:00
[SECURITY] [DSA 2634-1] python-django security update
2013-03-03 00:00:00
osv
osv
python-django - several vulnerabilities
2013-02-27 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: openstack-keystone-2012.2.3-3.fc18
2013-03-04 22:39:17
[SECURITY] Fedora 18 Update: openstack-keystone-2012.2.3-5.fc18
2013-04-08 22:52:02
[SECURITY] Fedora 18 Update: openstack-keystone-2012.2.4-3.fc18
2013-05-22 01:29:47
debian
debian
[SECURITY] [DSA 2634-1] python-django security update
2013-02-26 23:58:40
freebsd
freebsd
django -- multiple vulnerabilities
2013-02-21 00:00:00
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
68.5%
Related for DEBIANCVE:CVE-2013-1665