CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score: 8.8 High (Confidence: High)
CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.341 Low (Percentile: 97.0%)
Software: libxml2 2.9.1
OS: Cobalt 7.9
CVE-ID: CVE-2013-0339
CVE-Crit: HIGH
CVE-DESC: libxml2 before 2.9.1 does not handle external entity extension properly if the application developer does not use the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, also known as an XML External Entity (XXE) problem. NOTE: it could be argued that since libxml2 already provides the ability to disable external entity extensions, it is the responsibility of application developers to address this issue; according to this argument, this entry should be DISCLAIMED, and each affected application will need its own CVE.
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2015-8241
CVE-Crit: HIGH
CVE-DESC: The xmlNextChar function in libxml2 2.9.2 incorrectly checks state, allowing context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or obtain sensitive information via generated XML data.
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2015-8710
CVE-Crit: CRITICAL
CVE-DESC: The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (accessing memory outside the heap and crashing the application), or possibly have unspecified other impact via an unopened HTML comment.
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2015-8806
CVE-Crit: HIGH
CVE-DESC: dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) with an unexpected character right after the substring "