Lucene search

K
nvd[email protected]NVD:CVE-2015-5312
HistoryDec 15, 2015 - 9:59 p.m.

CVE-2015-5312

2015-12-1521:59:00
CWE-399
web.nvd.nist.gov
8

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

AI Score

7.1

Confidence

High

EPSS

0.01

Percentile

83.6%

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.

Affected configurations

Nvd
Node
canonicalubuntu_linuxMatch12.04lts
OR
canonicalubuntu_linuxMatch14.04lts
OR
canonicalubuntu_linuxMatch15.04
OR
canonicalubuntu_linuxMatch15.10
Node
redhatenterprise_linux_desktopMatch6.0
OR
redhatenterprise_linux_hpc_nodeMatch6.0
OR
redhatenterprise_linux_serverMatch6.0
OR
redhatenterprise_linux_workstationMatch6.0
Node
appleiphone_osRange9.2.1
OR
applemac_os_xRange10.11.3
OR
appletvosRange9.1
OR
applewatchosRange2.1
Node
xmlsoftlibxml2Range2.9.2
Node
hpicewall_federation_agentMatch3.0
OR
hpicewall_file_managerMatch3.0
Node
debiandebian_linuxMatch7.0
OR
debiandebian_linuxMatch8.0

References

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

AI Score

7.1

Confidence

High

EPSS

0.01

Percentile

83.6%