Lucene search

[email protected]NVD:CVE-2012-0037

HistoryJun 17, 2012 - 3:41 a.m.

CVE-2012-0037

2012-06-1703:41:40

CWE-611

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

6.3 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.9%

JSON

Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.

Affected configurations

NVD

Node

librdfraptorRange<2.0.7

Node

libreofficelibreofficeRange<3.4.6

libreofficelibreofficeMatch3.5.0

Node

apacheopenofficeMatch3.3.0

apacheopenofficeMatch3.4.0beta

Node

fedoraprojectfedoraMatch16

fedoraprojectfedoraMatch17

Node

redhatgluster_storage_server_for_on-premiseMatch2.0

redhatstorageMatch2.0

redhatstorage_for_public_cloudMatch2.0

redhatenterprise_linux_desktopMatch5.0

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_eusMatch6.2

redhatenterprise_linux_serverMatch5.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_server_ausMatch6.2

redhatenterprise_linux_workstationMatch5.0

redhatenterprise_linux_workstationMatch6.0

Node

debiandebian_linuxMatch6.0

References

blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/

librdf.org/raptor/RELEASE.html#rel2_0_7

lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.html

lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.html

rhn.redhat.com/errata/RHSA-2012-0410.html

rhn.redhat.com/errata/RHSA-2012-0411.html

secunia.com/advisories/48479

secunia.com/advisories/48493

secunia.com/advisories/48494

secunia.com/advisories/48526

secunia.com/advisories/48529

secunia.com/advisories/48542

secunia.com/advisories/48649

secunia.com/advisories/50692

secunia.com/advisories/60799

security.gentoo.org/glsa/glsa-201209-05.xml

vsecurity.com/resources/advisory/20120324-1/

www.debian.org/security/2012/dsa-2438

www.gentoo.org/security/en/glsa/glsa-201408-19.xml

www.libreoffice.org/advisories/CVE-2012-0037/

www.mandriva.com/security/advisories?name=MDVSA-2012:061

www.mandriva.com/security/advisories?name=MDVSA-2012:062

www.mandriva.com/security/advisories?name=MDVSA-2012:063

www.openoffice.org/security/cves/CVE-2012-0037.html

www.openwall.com/lists/oss-security/2012/03/27/4

www.osvdb.org/80307

www.securityfocus.com/bid/52681

www.securitytracker.com/id?1026837

exchange.xforce.ibmcloud.com/vulnerabilities/74235

github.com/dajobe/raptor/commit/a676f235309a59d4aa78eeffd2574ae5d341fcb0

lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0%40%3Ccommits.openoffice.apache.org%3E

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

6.3 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.9%

JSON

Related for NVD:CVE-2012-0037

cve1 nessus29 openvas31 debian1 securityvulns3 redhat2 fedora4 ubuntucve1 prion1 cvelist1 ubuntu2 veracode1 freebsd1 centos2 seebug1 rosalinux1 oraclelinux1 gentoo2