{"id": "SECURITYVULNS:VULN:14334", "bulletinFamily": "software", "title": "Apache Xerces-C DoS", "description": "Memory corruption on XML parsing.", "published": "2015-03-21T00:00:00", "modified": "2015-03-21T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14334", "reporter": "BUGTRAQ", "references": ["https://vulners.com/securityvulns/securityvulns:doc:31812"], "cvelist": ["CVE-2015-0252"], "type": "securityvulns", "lastseen": "2018-08-31T11:09:59", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d62db6c5498fa77e2e4f567347477836"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "7b15da4ca6553896862b9293127ba5e6"}, {"key": "cvss", "hash": "84813b1457b92d6ba1174abffbb83a2f"}, {"key": "description", "hash": "13d4ef741567b3f99e6a40c1b61af38e"}, {"key": "href", "hash": "935e9c9610f8d032c8b17a67057e6a9f"}, {"key": "modified", "hash": "a34abbc8939e10fdb2c168fd4e1e23fb"}, {"key": "published", "hash": "a34abbc8939e10fdb2c168fd4e1e23fb"}, {"key": "references", "hash": "94da14dc2a3cb044cfba4e0582fbe4eb"}, {"key": "reporter", "hash": "2c5cca82a8670da097919f6160833daf"}, {"key": "title", "hash": "5749a8ec868b02190bf37ffc0738073a"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "78115657bb105a745111ab12fb11406f773c6f63f4e02491ae45a5924aadf7db", "viewCount": 0, "enchantments": {"score": {"value": 7.2, "vector": "NONE", "modified": "2018-08-31T11:09:59"}, "vulnersScore": 7.2}, "objectVersion": "1.3", "affectedSoftware": [{"name": "Xerces-C", "operator": "eq", "version": "3.1"}]}

{"cve": [{"lastseen": "2018-10-18T15:09:32", "references": ["http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "http://rhn.redhat.com/errata/RHSA-2015-1193.html", "http://lists.opensuse.org/opensuse-updates/2016-04/msg00012.html", "http://www.debian.org/security/2015/dsa-3199", "https://shibboleth.net/community/advisories/secadv_20150319.txt", "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153903.html", "http://packetstormsecurity.com/files/131756/Apache-Xerces-C-XML-Parser-Denial-Of-Service.html", "http://xerces.apache.org/xerces-c/secadv/CVE-2015-0252.txt", "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153094.html", "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153829.html", "http://www.securityfocus.com/bid/73252", "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152882.html", "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153923.html", "http://www.securitytracker.com/id/1032254", "https://www.exploit-db.com/exploits/36906/", "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153887.html"], "description": "internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data.", "edition": 3, "reporter": "NVD", "published": "2015-03-24T13:59:01", "title": "CVE-2015-0252", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2015-0252"], "scanner": [], "modified": "2018-10-16T21:29:21", "cpe": ["cpe:/o:fedoraproject:fedora:21", "cpe:/o:debian:debian_linux:7.1", "cpe:/o:fedoraproject:fedora:20", "cpe:/o:fedoraproject:fedora:22", "cpe:/a:apache:xerces-c:3.1.1"], "id": "CVE-2015-0252", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0252", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:58", "references": [], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\n\r\nCVE-2015-0252: Apache Xerces-C XML Parser Crashes on Malformed Input\r\n\r\nSeverity: Important\r\n\r\nVendor: The Apache Software Foundation\r\n\r\nVersions Affected: Apache Xerces-C XML Parser library versions\r\nprior to V3.1.2\r\n\r\nDescription: The Xerces-C XML parser mishandles certain kinds of\r\nmalformed input documents, resulting in a segmentation fault during\r\na parse operation. The bug does not appear to allow for remote code\r\nexecution, but is a denial of service attack that in many applications\r\nmay allow for an unauthenticated attacker to supply malformed input\r\nand cause a crash.\r\n\r\nMitigation: Applications that are using library versions older than\r\nV3.1.2 should upgrade as soon as possible. Distributors of older versions\r\nshould apply the patches from this subversion revision:\r\n\r\nhttp://svn.apache.org/viewvc?view=revision&amp;revision=1667870\r\n\r\nCredit: This issue was reported independently by Anton Rager and Jonathan\r\nBrossard from the Salesforce.com Product Security Team and by Ben Laurie\r\nof Google.\r\n\r\nReferences:\r\nhttp://xerces.apache.org/xerces-c/secadv/CVE-2015-0252.txt\r\n\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niQIcBAEBCgAGBQJVCzmVAAoJEDeLhFQCJ3lipRoP/RLr+6EyyUBp7PxXi31pHYbv\r\nz7E1GZLZ+349BydmI+28y6QXSjjQIeU1VXHaRdBCpfNqv2rIe7n+s/PvojprdHGZ\r\nOcxg7iPs+mQTxtkTJht1JqT1d4s96BN+DgPDRf7vUzMsu7u6mf9E+Ds2Yajddqgh\r\nzxmsv5YFJlppeAOKDbyaWPfivJS7ubjDK7SQ8Il5N7XHSmVcdGMjGh0Zmbn0mlzk\r\niTp13aoEknYI3M+4OpIgtszOgbsMQnhRwOgAX+0jBHxrWkK4MBNlotY6oPtx6zWt\r\nDjM/JRr9+V59BsQKrNmE/D0csoEf4OeBEgeqmNTjpy8EO+gOgVHWMowUUAVQkMqu\r\n37njc8IyR/JXStdtzJpHsj4HO2PE9ZE1Uy69DCqCDEeGWl61qx4+sg7Ul783dAab\r\nhCAvAO0zLiyPgkNdydmBQWGymHsle+niydNAi+EGj47rEJ7lDhJhl9qVQ0zyMXr4\r\nO1//QwV7BUaRcgQhcbvd71KeDkPBBNvwpYLAXxIpDkI1/2qjo8ANHxzu/EMP8weK\r\nN+KoIEugAab+t1s1qWpgneYXHLy3uE3KvVeNvb/iHsl5nzzFVBkPe+2OCZfWoedJ\r\nt7gAXaZ2htrF2BQl6g/5hm13/6ajmrtNcX0hBjx2VB4VACOtt0bqextaW/w2Vvb4\r\nAcsopfNHOGvXLDJ3JkHS\r\n=l9vC\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2015-03-21T00:00:00", "title": "Xerces-C Security Advisory [CVE-2015-0252]", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:58", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2015-0252"], "modified": "2015-03-21T00:00:00", "id": "SECURITYVULNS:DOC:31812", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31812", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "zdt": [{"lastseen": "2018-04-08T01:47:41", "references": [], "description": "Exploit for linux platform in category dos / poc", "edition": 2, "reporter": "beford", "published": "2015-05-05T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "zdt", "title": "Apache Xerces-C XML Parser < 3.1.2 - DoS POC", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-0252"], "modified": "2015-05-05T00:00:00", "id": "1337DAY-ID-23598", "href": "https://0day.today/exploit/description/23598", "sourceData": "# Exploit Title: Apache Xerces-C XML Parser (< 3.1.2) DoS POC\r\n# Date: 2015-05-03\r\n# Exploit Author: beford\r\n# Vendor Homepage: http://xerces.apache.org/#xerces-c\r\n# Version: Versions prior to 3.1.2\r\n# Tested on: Ubuntu 15.04\r\n# CVE : CVE-2015-0252\r\n \r\nApache Xerces-C XML Parser Crashes on Malformed Input\r\n \r\nI believe this to be the same issue that was reported on CVE-2015-0252,\r\nposting this in case anyone is interested in reproducing it.\r\n \r\nOriginal advisory:\r\nhttps://xerces.apache.org/xerces-c/secadv/CVE-2015-0252.txt\r\n \r\n$ printf \"\\xff\\xfe\\x00\\x00\\x3c\" > file.xml\r\n \r\n$ DOMPrint ./file.xml # Ubuntu 15.04 libxerces-c3.1 package\r\nSegmentation fault\r\n \r\n$ ./DOMPrint ./file.xml # ASAN Enabled build\r\n=================================================================\r\n==6831==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb5d9d87c\r\nat pc 0x836a721 bp 0xbf8127a8 sp 0xbf812798\r\nREAD of size 1 at 0xb5d9d87c thread T0\r\n #0 0x836a720 in xercesc_3_1::XMLReader::refreshRawBuffer()\r\nxercesc/internal/XMLReader.cpp:1719\r\n #1 0x836a720 in xercesc_3_1::XMLReader::xcodeMoreChars(unsigned short*,\r\nunsigned char*, unsigned int) xercesc/internal/XMLReader.cpp:1761\r\n #2 0x837183f in xercesc_3_1::XMLReader::refreshCharBuffer()\r\nxercesc/internal/XMLReader.cpp:576\r\n #3 0x837183f in xercesc_3_1::XMLReader::peekString(unsigned short\r\nconst*) xercesc/internal/XMLReader.cpp:1223\r\n #4 0x83ad0ae in xercesc_3_1::ReaderMgr::peekString(unsigned short\r\nconst*) xercesc/internal/ReaderMgr.hpp:385\r\n #5 0x83ad0ae in xercesc_3_1::XMLScanner::checkXMLDecl(bool)\r\nxercesc/internal/XMLScanner.cpp:1608\r\n #6 0x83b6469 in xercesc_3_1::XMLScanner::scanProlog()\r\nxercesc/internal/XMLScanner.cpp:1244\r\n #7 0x8d69220 in\r\nxercesc_3_1::IGXMLScanner::scanDocument(xercesc_3_1::InputSource const&)\r\nxercesc/internal/IGXMLScanner.cpp:206\r\n #8 0x83cd3e7 in xercesc_3_1::XMLScanner::scanDocument(unsigned short\r\nconst*) xercesc/internal/XMLScanner.cpp:400\r\n #9 0x83ce728 in xercesc_3_1::XMLScanner::scanDocument(char const*)\r\nxercesc/internal/XMLScanner.cpp:408\r\n #10 0x849afc5 in xercesc_3_1::AbstractDOMParser::parse(char const*)\r\nxercesc/parsers/AbstractDOMParser.cpp:601\r\n #11 0x8050bf2 in main src/DOMPrint/DOMPrint.cpp:398\r\n #12 0xb6f5272d in __libc_start_main\r\n(/lib/i386-linux-gnu/libc.so.6+0x1872d)\r\n #13 0x805d3b5 (/ramdisk/DOMPrint+0x805d3b5)\r\n \r\n0xb5d9d87c is located 0 bytes to the right of 163964-byte region\r\n[0xb5d75800,0xb5d9d87c)\r\nallocated by thread T0 here:\r\n #0 0xb72c3ae4 in operator new(unsigned int)\r\n(/usr/lib/i386-linux-gnu/libasan.so.1+0x51ae4)\r\n #1 0x8340cce in xercesc_3_1::MemoryManagerImpl::allocate(unsigned int)\r\nxercesc/internal/MemoryManagerImpl.cpp:40\r\n #2 0x8094cb2 in xercesc_3_1::XMemory::operator new(unsigned int,\r\nxercesc_3_1::MemoryManager*) xercesc/util/XMemory.cpp:68\r\n #3 0x8daaaa7 in\r\nxercesc_3_1::IGXMLScanner::scanReset(xercesc_3_1::InputSource const&)\r\nxercesc/internal/IGXMLScanner2.cpp:1284\r\n #4 0x8d6912a in\r\nxercesc_3_1::IGXMLScanner::scanDocument(xercesc_3_1::InputSource const&)\r\nxercesc/internal/IGXMLScanner.cpp:198\r\n #5 0x83cd3e7 in xercesc_3_1::XMLScanner::scanDocument(unsigned short\r\nconst*) xercesc/internal/XMLScanner.cpp:400\r\n #6 0x83ce728 in xercesc_3_1::XMLScanner::scanDocument(char const*)\r\nxercesc/internal/XMLScanner.cpp:408\r\n #7 0x849afc5 in xercesc_3_1::AbstractDOMParser::parse(char const*)\r\nxercesc/parsers/AbstractDOMParser.cpp:601\r\n #8 0x8050bf2 in main src/DOMPrint/DOMPrint.cpp:398\r\n #9 0xb6f5272d in __libc_start_main\r\n(/lib/i386-linux-gnu/libc.so.6+0x1872d)\r\n \r\nSUMMARY: AddressSanitizer: heap-buffer-overflow\r\nxercesc/internal/XMLReader.cpp:1719\r\nxercesc_3_1::XMLReader::refreshRawBuffer()\n\n# 0day.today [2018-04-08] #", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://0day.today/exploit/23598"}], "openvas": [{"lastseen": "2018-09-01T23:51:14", "references": ["http://www.debian.org/security/2015/dsa-3199.html"], "pluginID": "1361412562310703199", "description": "Anton Rager and Jonathan Brossard from\nthe Salesforce.com Product Security Team and Ben Laurie of Google discovered a\ndenial of service vulnerability in xerces-c, a validating XML parser library for\nC++. The parser mishandles certain kinds of malformed input documents, resulting\nin a segmentation fault during a parse operation. An unauthenticated\nattacker could use this flaw to cause an application using the\nxerces-c library to crash.", "edition": 3, "reporter": "Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net", "published": "2015-03-20T00:00:00", "title": "Debian Security Advisory DSA 3199-1 (xerces-c - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0252"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310703199", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703199", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3199.nasl 9355 2018-04-06 07:16:07Z cfischer $\n# Auto-generated from advisory DSA 3199-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703199\");\n script_version(\"$Revision: 9355 $\");\n script_cve_id(\"CVE-2015-0252\");\n script_name(\"Debian Security Advisory DSA 3199-1 (xerces-c - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2018-04-06 09:16:07 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value: \"2015-03-20 00:00:00 +0100 (Fri, 20 Mar 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3199.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"xerces-c on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthis problem has been fixed in version 3.1.1-3+deb7u1.\n\nWe recommend that you upgrade your xerces-c packages.\");\n script_tag(name: \"summary\", value: \"Anton Rager and Jonathan Brossard from\nthe Salesforce.com Product Security Team and Ben Laurie of Google discovered a\ndenial of service vulnerability in xerces-c, a validating XML parser library for\nC++. The parser mishandles certain kinds of malformed input documents, resulting\nin a segmentation fault during a parse operation. An unauthenticated\nattacker could use this flaw to cause an application using the\nxerces-c library to crash.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libxerces-c-dev\", ver:\"3.1.1-3+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxerces-c-doc\", ver:\"3.1.1-3+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxerces-c-samples\", ver:\"3.1.1-3+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxerces-c3.1:amd64\", ver:\"3.1.1-3+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxerces-c3.1:i386\", ver:\"3.1.1-3+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:51:14", "references": ["https://lists.fedoraproject.org/pipermail/package-announce/2015-March/152882.html", "2015-4226"], "pluginID": "1361412562310869679", "description": "Check the version of xerces-c", "edition": 4, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-07-07T00:00:00", "title": "Fedora Update for xerces-c FEDORA-2015-4226", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0252"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310869679", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869679", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xerces-c FEDORA-2015-4226\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869679\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-07 06:33:34 +0200 (Tue, 07 Jul 2015)\");\n script_cve_id(\"CVE-2015-0252\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xerces-c FEDORA-2015-4226\");\n script_tag(name: \"summary\", value: \"Check the version of xerces-c\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Xerces-C is a validating XML parser written\nin a portable subset of C++. Xerces-C makes it easy to give your application the\nability to read and write XML data. A shared library is provided for parsing,\ngenerating, manipulating, and validating XML documents. Xerces-C is faithful to\nthe XML 1.0 recommendation and associated standards: XML 1.0 (Third Edition),\nXML 1.1 (First Edition), DOM Level 1, 2, 3 Core, DOM Level 2.0 Traversal and\nRange, DOM Level 3.0 Load and Save, SAX 1.0 and SAX 2.0, Namespaces in XML,\nNamespaces in XML 1.1, XML Schema, XML Inclusions).\n\");\n script_tag(name: \"affected\", value: \"xerces-c on Fedora 22\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2015-4226\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-March/152882.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"xerces-c\", rpm:\"xerces-c~3.1.2~1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:50:56", "references": ["2015-4285", "https://lists.fedoraproject.org/pipermail/package-announce/2015-March/153923.html"], "pluginID": "1361412562310869144", "description": "Check the version of xerces-c", "edition": 5, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-03-31T00:00:00", "title": "Fedora Update for xerces-c FEDORA-2015-4285", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0252"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310869144", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869144", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xerces-c FEDORA-2015-4285\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869144\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-31 07:08:03 +0200 (Tue, 31 Mar 2015)\");\n script_cve_id(\"CVE-2015-0252\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xerces-c FEDORA-2015-4285\");\n script_tag(name: \"summary\", value: \"Check the version of xerces-c\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Xerces-C is a validating XML parser written\nin a portable subset of C++. Xerces-C makes it easy to give your application the\nability to read and write XML data. A shared library is provided for parsing,\ngenerating, manipulating, and validating XML documents. Xerces-C is faithful to\nthe XML 1.0 recommendation and associated standards: XML 1.0 (Third Edition),\nXML 1.1 (First Edition), DOM Level 1, 2, 3 Core, DOM Level 2.0 Traversal and\nRange, DOM Level 3.0 Load and Save, SAX 1.0 and SAX 2.0, Namespaces in XML,\nNamespaces in XML 1.1, XML Schema, XML Inclusions).\n\");\n script_tag(name: \"affected\", value: \"xerces-c on Fedora 20\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2015-4285\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-March/153923.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"xerces-c\", rpm:\"xerces-c~3.1.1~6.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:52:44", "references": ["2015-4251", "https://lists.fedoraproject.org/pipermail/package-announce/2015-March/153829.html"], "pluginID": "1361412562310869143", "description": "Check the version of xerces-c", "edition": 4, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-03-31T00:00:00", "title": "Fedora Update for xerces-c FEDORA-2015-4251", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0252"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310869143", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869143", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xerces-c FEDORA-2015-4251\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869143\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-31 07:08:01 +0200 (Tue, 31 Mar 2015)\");\n script_cve_id(\"CVE-2015-0252\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xerces-c FEDORA-2015-4251\");\n script_tag(name: \"summary\", value: \"Check the version of xerces-c\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Xerces-C is a validating XML parser written\nin a portable subset of C++. Xerces-C makes it easy to give your application the\nability to read and write XML data. A shared library is provided for parsing,\ngenerating, manipulating, and validating XML documents. Xerces-C is faithful to\nthe XML 1.0 recommendation and associated standards: XML 1.0 (Third Edition),\nXML 1.1 (First Edition), DOM Level 1, 2, 3 Core, DOM Level 2.0 Traversal and\nRange, DOM Level 3.0 Load and Save, SAX 1.0 and SAX 2.0, Namespaces in XML,\nNamespaces in XML 1.1, XML Schema, XML Inclusions).\n\");\n script_tag(name: \"affected\", value: \"xerces-c on Fedora 21\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2015-4251\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-March/153829.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"xerces-c\", rpm:\"xerces-c~3.1.1~8.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:52:13", "references": ["2015-4321", "https://lists.fedoraproject.org/pipermail/package-announce/2015-March/153903.html"], "pluginID": "1361412562310869151", "description": "Check the version of mingw-xerces-c", "edition": 4, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-03-31T00:00:00", "title": "Fedora Update for mingw-xerces-c FEDORA-2015-4321", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0252"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310869151", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869151", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-xerces-c FEDORA-2015-4321\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869151\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-31 07:08:42 +0200 (Tue, 31 Mar 2015)\");\n script_cve_id(\"CVE-2015-0252\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mingw-xerces-c FEDORA-2015-4321\");\n script_tag(name: \"summary\", value: \"Check the version of mingw-xerces-c\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Xerces-C is a validating XML parser written\nin a portable subset of C++. Xerces-C makes it easy to give your application the\nability to read and write XML data. A shared library is provided for parsing,\ngenerating, manipulating, and validating XML documents. Xerces-C is faithful to\nthe XML 1.0 recommendation and associated standards\n(DOM 1.0, DOM 2.0. SAX 1.0, SAX 2.0, Namespaces).\n\");\n script_tag(name: \"affected\", value: \"mingw-xerces-c on Fedora 21\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2015-4321\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-March/153903.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-xerces-c\", rpm:\"mingw-xerces-c~3.1.1~11.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:52:17", "references": ["2015-4272", "https://lists.fedoraproject.org/pipermail/package-announce/2015-March/153094.html"], "pluginID": "1361412562310869524", "description": "Check the version of mingw-xerces-c", "edition": 4, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-07-07T00:00:00", "title": "Fedora Update for mingw-xerces-c FEDORA-2015-4272", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0252"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310869524", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869524", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-xerces-c FEDORA-2015-4272\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869524\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-07 06:22:16 +0200 (Tue, 07 Jul 2015)\");\n script_cve_id(\"CVE-2015-0252\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mingw-xerces-c FEDORA-2015-4272\");\n script_tag(name: \"summary\", value: \"Check the version of mingw-xerces-c\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Xerces-C is a validating XML parser written\nin a portable subset of C++. Xerces-C makes it easy to give your application the\nability to read and write XML data. A shared library is provided for parsing,\ngenerating, manipulating, and validating XML documents. Xerces-C is faithful to\nthe XML 1.0 recommendation and associated standards (DOM 1.0, DOM 2.0. SAX 1.0,\nSAX 2.0, Namespaces).\n\");\n script_tag(name: \"affected\", value: \"mingw-xerces-c on Fedora 22\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2015-4272\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-March/153094.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-xerces-c\", rpm:\"mingw-xerces-c~3.1.2~1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-28T18:23:23", "references": ["http://linux.oracle.com/errata/ELSA-2015-1193.html"], "pluginID": "1361412562310123088", "description": "Oracle Linux Local Security Checks ELSA-2015-1193", "edition": 6, "reporter": "Eero Volotinen", "published": "2015-10-06T00:00:00", "title": "Oracle Linux Local Check: ELSA-2015-1193", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0252"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123088", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123088", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-1193.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123088\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 13:59:13 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-1193\");\n script_tag(name:\"insight\", value:\"ELSA-2015-1193 - xerces-c security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-1193\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-1193.html\");\n script_cve_id(\"CVE-2015-0252\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"xerces-c\", rpm:\"xerces-c~3.1.1~7.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xerces-c-devel\", rpm:\"xerces-c-devel~3.1.1~7.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xerces-c-doc\", rpm:\"xerces-c-doc~3.1.1~7.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:53:26", "references": ["http://www.debian.org/security/2015/dsa-3199.html"], "pluginID": "703199", "description": "Anton Rager and Jonathan Brossard from\nthe Salesforce.com Product Security Team and Ben Laurie of Google discovered a\ndenial of service vulnerability in xerces-c, a validating XML parser library for\nC++. The parser mishandles certain kinds of malformed input documents, resulting\nin a segmentation fault during a parse operation. An unauthenticated\nattacker could use this flaw to cause an application using the\nxerces-c library to crash.", "edition": 2, "reporter": "Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net", "published": "2015-03-20T00:00:00", "title": "Debian Security Advisory DSA 3199-1 (xerces-c - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0252"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703199", "id": "OPENVAS:703199", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3199.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3199-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703199);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-0252\");\n script_name(\"Debian Security Advisory DSA 3199-1 (xerces-c - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-03-20 00:00:00 +0100 (Fri, 20 Mar 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3199.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"xerces-c on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthis problem has been fixed in version 3.1.1-3+deb7u1.\n\nWe recommend that you upgrade your xerces-c packages.\");\n script_tag(name: \"summary\", value: \"Anton Rager and Jonathan Brossard from\nthe Salesforce.com Product Security Team and Ben Laurie of Google discovered a\ndenial of service vulnerability in xerces-c, a validating XML parser library for\nC++. The parser mishandles certain kinds of malformed input documents, resulting\nin a segmentation fault during a parse operation. An unauthenticated\nattacker could use this flaw to cause an application using the\nxerces-c library to crash.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libxerces-c-dev\", ver:\"3.1.1-3+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxerces-c-doc\", ver:\"3.1.1-3+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxerces-c-samples\", ver:\"3.1.1-3+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxerces-c3.1:amd64\", ver:\"3.1.1-3+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxerces-c3.1:i386\", ver:\"3.1.1-3+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:51:29", "references": ["http://lists.centos.org/pipermail/centos-announce/2015-June/021228.html", "2015:1193"], "pluginID": "1361412562310882212", "description": "Check the version of xerces-c", "edition": 4, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-07-03T00:00:00", "title": "CentOS Update for xerces-c CESA-2015:1193 centos7 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0252"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310882212", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882212", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for xerces-c CESA-2015:1193 centos7 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882212\");\n script_version(\"$Revision: 6657 $\");\n script_cve_id(\"CVE-2015-0252\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:50:44 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-03 11:19:11 +0530 (Fri, 03 Jul 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for xerces-c CESA-2015:1193 centos7 \");\n script_tag(name: \"summary\", value: \"Check the version of xerces-c\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\n of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Xerces-C is a validating XML parser written\n in a portable subset of C++.\n\nA flaw was found in the way the Xerces-C XML parser processed certain XML\ndocuments. A remote attacker could provide specially crafted XML input\nthat, when parsed by an application using Xerces-C, would cause that\napplication to crash. (CVE-2015-0252)\n\nAll xerces-c users are advised to upgrade to this updated package, which\ncontains a backported patch to correct this issue.\n\");\n script_tag(name: \"affected\", value: \"xerces-c on CentOS 7\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"CESA\", value: \"2015:1193\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2015-June/021228.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"xerces-c\", rpm:\"xerces-c~3.1.1~7.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xerces-c-devel\", rpm:\"xerces-c-devel~3.1.1~7.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xerces-c-doc\", rpm:\"xerces-c-doc~3.1.1~7.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:52:57", "references": ["https://www.redhat.com/archives/rhsa-announce/2015-June/msg00038.html", "2015:1193-01"], "pluginID": "1361412562310871384", "description": "Check the version of xerces-c", "edition": 4, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-06-30T00:00:00", "title": "RedHat Update for xerces-c RHSA-2015:1193-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0252"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:1361412562310871384", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871384", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for xerces-c RHSA-2015:1193-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871384\");\n script_version(\"$Revision: 6689 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:50:06 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-30 06:27:09 +0200 (Tue, 30 Jun 2015)\");\n script_cve_id(\"CVE-2015-0252\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for xerces-c RHSA-2015:1193-01\");\n script_tag(name: \"summary\", value: \"Check the version of xerces-c\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Xerces-C is a validating XML parser written in a portable subset of C++.\n\nA flaw was found in the way the Xerces-C XML parser processed certain XML\ndocuments. A remote attacker could provide specially crafted XML input\nthat, when parsed by an application using Xerces-C, would cause that\napplication to crash. (CVE-2015-0252)\n\nAll xerces-c users are advised to upgrade to this updated package, which\ncontains a backported patch to correct this issue.\n\");\n script_tag(name: \"affected\", value: \"xerces-c on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"RHSA\", value: \"2015:1193-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2015-June/msg00038.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"xerces-c\", rpm:\"xerces-c~3.1.1~7.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xerces-c-debuginfo\", rpm:\"xerces-c-debuginfo~3.1.1~7.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-16T22:13:13", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "6", "packageVersion": "3.1.1-1+deb6u1", "arch": "all", "packageFilename": "libxerces-c3.1_3.1.1-1+deb6u1_all.deb", "packageName": "libxerces-c3.1", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "3.1.1-1+deb6u1", "arch": "all", "packageFilename": "xerces-c_3.1.1-1+deb6u1_all.deb", "packageName": "xerces-c", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "3.1.1-1+deb6u1", "arch": "all", "packageFilename": "libxerces-c-samples_3.1.1-1+deb6u1_all.deb", "packageName": "libxerces-c-samples", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "3.1.1-1+deb6u1", "arch": "all", "packageFilename": "libxerces-c-dev_3.1.1-1+deb6u1_all.deb", "packageName": "libxerces-c-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "3.1.1-1+deb6u1", "arch": "all", "packageFilename": "libxerces-c-doc_3.1.1-1+deb6u1_all.deb", "packageName": "libxerces-c-doc", "operator": "lt"}], "description": "Package : xerces-c\nVersion : 3.1.1-1+deb6u1\nCVE ID : CVE-2015-0252\nDebian Bug : 780827\n\nAnton Rager and Jonathan Brossard from the Salesforce.com Product\nSecurity Team and Ben Laurie of Google discovered a denial of service\nvulnerability in xerces-c, a validating XML parser library for C++. The\nparser mishandles certain kinds of malformed input documents, resulting\nin a segmentation fault during a parse operation. An unauthenticated\nattacker could use this flaw to cause an application using the\nxerces-c library to crash.\n", "edition": 1, "reporter": "Debian", "published": "2015-03-27T21:15:27", "title": "[SECURITY] [DLA 181-1] xerces-c security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:13:13", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-0252"], "modified": "2015-03-27T21:15:27", "id": "DEBIAN:DLA-181-1:20BFE", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201503/msg00018.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-10-18T13:48:31", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "7", "packageVersion": "3.1.1-3+deb7u1", "arch": "all", "packageFilename": "xerces-c_3.1.1-3+deb7u1_all.deb", "packageName": "xerces-c", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3199-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nMarch 20, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : xerces-c\nCVE ID : CVE-2015-0252\nDebian Bug : 780827\n\nAnton Rager and Jonathan Brossard from the Salesforce.com Product\nSecurity Team and Ben Laurie of Google discovered a denial of service\nvulnerability in xerces-c, a validating XML parser library for C++. The\nparser mishandles certain kinds of malformed input documents, resulting\nin a segmentation fault during a parse operation. An unauthenticated\nattacker could use this flaw to cause an application using the\nxerces-c library to crash.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 3.1.1-3+deb7u1.\n\nWe recommend that you upgrade your xerces-c packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 2, "reporter": "Debian", "published": "2015-03-20T18:36:58", "title": "[SECURITY] [DSA 3199-1] xerces-c security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-18T13:48:31", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-0252"], "modified": "2015-03-20T18:36:58", "id": "DEBIAN:DSA-3199-1:93400", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00084.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-04T04:37:33", "osvdbidlist": ["119811"], "references": [], "description": "Apache Xerces-C XML Parser < 3.1.2 - DoS POC. CVE-2015-0252. Dos exploit for linux platform", "edition": 1, "reporter": "beford", "published": "2015-05-04T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "exploitdb", "title": "Apache Xerces-C XML Parser < 3.1.2 - DoS POC", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-0252"], "modified": "2015-05-04T00:00:00", "id": "EDB-ID:36906", "href": "https://www.exploit-db.com/exploits/36906/", "sourceData": "# Exploit Title: Apache Xerces-C XML Parser (< 3.1.2) DoS POC\r\n# Date: 2015-05-03\r\n# Exploit Author: beford\r\n# Vendor Homepage: http://xerces.apache.org/#xerces-c\r\n# Version: Versions prior to 3.1.2\r\n# Tested on: Ubuntu 15.04\r\n# CVE : CVE-2015-0252\r\n\r\nApache Xerces-C XML Parser Crashes on Malformed Input\r\n\r\nI believe this to be the same issue that was reported on CVE-2015-0252,\r\nposting this in case anyone is interested in reproducing it.\r\n\r\nOriginal advisory:\r\nhttps://xerces.apache.org/xerces-c/secadv/CVE-2015-0252.txt\r\n\r\n$ printf \"\\xff\\xfe\\x00\\x00\\x3c\" > file.xml\r\n\r\n$ DOMPrint ./file.xml # Ubuntu 15.04 libxerces-c3.1 package\r\nSegmentation fault\r\n\r\n$ ./DOMPrint ./file.xml # ASAN Enabled build\r\n=================================================================\r\n==6831==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb5d9d87c\r\nat pc 0x836a721 bp 0xbf8127a8 sp 0xbf812798\r\nREAD of size 1 at 0xb5d9d87c thread T0\r\n #0 0x836a720 in xercesc_3_1::XMLReader::refreshRawBuffer()\r\nxercesc/internal/XMLReader.cpp:1719\r\n #1 0x836a720 in xercesc_3_1::XMLReader::xcodeMoreChars(unsigned short*,\r\nunsigned char*, unsigned int) xercesc/internal/XMLReader.cpp:1761\r\n #2 0x837183f in xercesc_3_1::XMLReader::refreshCharBuffer()\r\nxercesc/internal/XMLReader.cpp:576\r\n #3 0x837183f in xercesc_3_1::XMLReader::peekString(unsigned short\r\nconst*) xercesc/internal/XMLReader.cpp:1223\r\n #4 0x83ad0ae in xercesc_3_1::ReaderMgr::peekString(unsigned short\r\nconst*) xercesc/internal/ReaderMgr.hpp:385\r\n #5 0x83ad0ae in xercesc_3_1::XMLScanner::checkXMLDecl(bool)\r\nxercesc/internal/XMLScanner.cpp:1608\r\n #6 0x83b6469 in xercesc_3_1::XMLScanner::scanProlog()\r\nxercesc/internal/XMLScanner.cpp:1244\r\n #7 0x8d69220 in\r\nxercesc_3_1::IGXMLScanner::scanDocument(xercesc_3_1::InputSource const&)\r\nxercesc/internal/IGXMLScanner.cpp:206\r\n #8 0x83cd3e7 in xercesc_3_1::XMLScanner::scanDocument(unsigned short\r\nconst*) xercesc/internal/XMLScanner.cpp:400\r\n #9 0x83ce728 in xercesc_3_1::XMLScanner::scanDocument(char const*)\r\nxercesc/internal/XMLScanner.cpp:408\r\n #10 0x849afc5 in xercesc_3_1::AbstractDOMParser::parse(char const*)\r\nxercesc/parsers/AbstractDOMParser.cpp:601\r\n #11 0x8050bf2 in main src/DOMPrint/DOMPrint.cpp:398\r\n #12 0xb6f5272d in __libc_start_main\r\n(/lib/i386-linux-gnu/libc.so.6+0x1872d)\r\n #13 0x805d3b5 (/ramdisk/DOMPrint+0x805d3b5)\r\n\r\n0xb5d9d87c is located 0 bytes to the right of 163964-byte region\r\n[0xb5d75800,0xb5d9d87c)\r\nallocated by thread T0 here:\r\n #0 0xb72c3ae4 in operator new(unsigned int)\r\n(/usr/lib/i386-linux-gnu/libasan.so.1+0x51ae4)\r\n #1 0x8340cce in xercesc_3_1::MemoryManagerImpl::allocate(unsigned int)\r\nxercesc/internal/MemoryManagerImpl.cpp:40\r\n #2 0x8094cb2 in xercesc_3_1::XMemory::operator new(unsigned int,\r\nxercesc_3_1::MemoryManager*) xercesc/util/XMemory.cpp:68\r\n #3 0x8daaaa7 in\r\nxercesc_3_1::IGXMLScanner::scanReset(xercesc_3_1::InputSource const&)\r\nxercesc/internal/IGXMLScanner2.cpp:1284\r\n #4 0x8d6912a in\r\nxercesc_3_1::IGXMLScanner::scanDocument(xercesc_3_1::InputSource const&)\r\nxercesc/internal/IGXMLScanner.cpp:198\r\n #5 0x83cd3e7 in xercesc_3_1::XMLScanner::scanDocument(unsigned short\r\nconst*) xercesc/internal/XMLScanner.cpp:400\r\n #6 0x83ce728 in xercesc_3_1::XMLScanner::scanDocument(char const*)\r\nxercesc/internal/XMLScanner.cpp:408\r\n #7 0x849afc5 in xercesc_3_1::AbstractDOMParser::parse(char const*)\r\nxercesc/parsers/AbstractDOMParser.cpp:601\r\n #8 0x8050bf2 in main src/DOMPrint/DOMPrint.cpp:398\r\n #9 0xb6f5272d in __libc_start_main\r\n(/lib/i386-linux-gnu/libc.so.6+0x1872d)\r\n\r\nSUMMARY: AddressSanitizer: heap-buffer-overflow\r\nxercesc/internal/XMLReader.cpp:1719\r\nxercesc_3_1::XMLReader::refreshRawBuffer()\r\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/36906/"}], "nessus": [{"lastseen": "2018-09-01T23:59:01", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1199103", "http://www.nessus.org/u?d10b589b"], "pluginID": "82436", "description": "Security fix for CVE-2015-0252.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2015-03-31T00:00:00", "title": "Fedora 21 : xerces-c-3.1.1-8.fc21 (2015-4251)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0252"], "modified": "2015-10-19T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:21", "p-cpe:/a:fedoraproject:fedora:xerces-c"], "id": "FEDORA_2015-4251.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82436", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-4251.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82436);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:06:18 $\");\n\n script_cve_id(\"CVE-2015-0252\");\n script_xref(name:\"FEDORA\", value:\"2015-4251\");\n\n script_name(english:\"Fedora 21 : xerces-c-3.1.1-8.fc21 (2015-4251)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2015-0252.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1199103\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-March/153829.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d10b589b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xerces-c package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xerces-c\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"xerces-c-3.1.1-8.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xerces-c\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:59:48", "references": ["https://oss.oracle.com/pipermail/el-errata/2015-June/005182.html"], "pluginID": "84463", "description": "From Red Hat Security Advisory 2015:1193 :\n\nAn updated xerces-c package that fixes one security issue is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nXerces-C is a validating XML parser written in a portable subset of C++.\n\nA flaw was found in the way the Xerces-C XML parser processed certain XML documents. A remote attacker could provide specially crafted XML input that, when parsed by an application using Xerces-C, would cause that application to crash. (CVE-2015-0252)\n\nAll xerces-c users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.", "edition": 5, "reporter": "Tenable", "published": "2015-06-30T00:00:00", "title": "Oracle Linux 7 : xerces-c (ELSA-2015-1193)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0252"], "modified": "2018-07-18T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:xerces-c", "p-cpe:/a:oracle:linux:xerces-c-doc", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:xerces-c-devel"], "id": "ORACLELINUX_ELSA-2015-1193.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84463", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:1193 and \n# Oracle Linux Security Advisory ELSA-2015-1193 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84463);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/18 17:43:58\");\n\n script_cve_id(\"CVE-2015-0252\");\n script_bugtraq_id(73252);\n script_xref(name:\"RHSA\", value:\"2015:1193\");\n\n script_name(english:\"Oracle Linux 7 : xerces-c (ELSA-2015-1193)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:1193 :\n\nAn updated xerces-c package that fixes one security issue is now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nXerces-C is a validating XML parser written in a portable subset of\nC++.\n\nA flaw was found in the way the Xerces-C XML parser processed certain\nXML documents. A remote attacker could provide specially crafted XML\ninput that, when parsed by an application using Xerces-C, would cause\nthat application to crash. (CVE-2015-0252)\n\nAll xerces-c users are advised to upgrade to this updated package,\nwhich contains a backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-June/005182.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xerces-c packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xerces-c\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xerces-c-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xerces-c-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"xerces-c-3.1.1-7.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"xerces-c-devel-3.1.1-7.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"xerces-c-doc-3.1.1-7.el7_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xerces-c / xerces-c-devel / xerces-c-doc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-10-18T16:46:48", "references": ["http://rhn.redhat.com/errata/RHSA-2015-1193.html", "https://www.redhat.com/security/data/cve/CVE-2015-0252.html"], "pluginID": "84465", "description": "An updated xerces-c package that fixes one security issue is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nXerces-C is a validating XML parser written in a portable subset of C++.\n\nA flaw was found in the way the Xerces-C XML parser processed certain XML documents. A remote attacker could provide specially crafted XML input that, when parsed by an application using Xerces-C, would cause that application to crash. (CVE-2015-0252)\n\nAll xerces-c users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.", "edition": 8, "reporter": "Tenable", "published": "2015-06-30T00:00:00", "title": "RHEL 7 : xerces-c (RHSA-2015:1193)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0252"], "modified": "2018-10-17T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:xerces-c-devel", "cpe:/o:redhat:enterprise_linux:7.4", "p-cpe:/a:redhat:enterprise_linux:xerces-c-doc", "cpe:/o:redhat:enterprise_linux:7.1", "cpe:/o:redhat:enterprise_linux:7.5", "p-cpe:/a:redhat:enterprise_linux:xerces-c-debuginfo", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.2", "p-cpe:/a:redhat:enterprise_linux:xerces-c", "cpe:/o:redhat:enterprise_linux:7.6"], "id": "REDHAT-RHSA-2015-1193.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84465", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1193. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84465);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/10/17 12:00:18\");\n\n script_cve_id(\"CVE-2015-0252\");\n script_bugtraq_id(73252);\n script_xref(name:\"RHSA\", value:\"2015:1193\");\n\n script_name(english:\"RHEL 7 : xerces-c (RHSA-2015:1193)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated xerces-c package that fixes one security issue is now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nXerces-C is a validating XML parser written in a portable subset of\nC++.\n\nA flaw was found in the way the Xerces-C XML parser processed certain\nXML documents. A remote attacker could provide specially crafted XML\ninput that, when parsed by an application using Xerces-C, would cause\nthat application to crash. (CVE-2015-0252)\n\nAll xerces-c users are advised to upgrade to this updated package,\nwhich contains a backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2015-1193.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2015-0252.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xerces-c\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xerces-c-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xerces-c-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xerces-c-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1193\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", reference:\"xerces-c-3.1.1-7.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"xerces-c-debuginfo-3.1.1-7.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"xerces-c-devel-3.1.1-7.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"xerces-c-doc-3.1.1-7.el7_1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xerces-c / xerces-c-debuginfo / xerces-c-devel / xerces-c-doc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:50:51", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1199103", "http://www.nessus.org/u?8dfccaff"], "pluginID": "82437", "description": "Security fix for CVE-2015-0252.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2015-03-31T00:00:00", "title": "Fedora 20 : xerces-c-3.1.1-6.fc20 (2015-4285)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0252"], "modified": "2015-10-19T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xerces-c", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2015-4285.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82437", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-4285.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82437);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:06:18 $\");\n\n script_cve_id(\"CVE-2015-0252\");\n script_bugtraq_id(73252);\n script_xref(name:\"FEDORA\", value:\"2015-4285\");\n\n script_name(english:\"Fedora 20 : xerces-c-3.1.1-6.fc20 (2015-4285)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2015-0252.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1199103\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-March/153923.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8dfccaff\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xerces-c package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xerces-c\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"xerces-c-3.1.1-6.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xerces-c\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:59:19", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1199103", "http://www.nessus.org/u?46729a4f"], "pluginID": "82434", "description": "Security fix for CVE-2015-0252.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2015-03-31T00:00:00", "title": "Fedora 20 : mingw-xerces-c-3.1.1-9.fc20 (2015-4228)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0252"], "modified": "2015-10-19T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw-xerces-c", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2015-4228.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82434", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-4228.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82434);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:06:18 $\");\n\n script_cve_id(\"CVE-2015-0252\");\n script_bugtraq_id(73252);\n script_xref(name:\"FEDORA\", value:\"2015-4228\");\n\n script_name(english:\"Fedora 20 : mingw-xerces-c-3.1.1-9.fc20 (2015-4228)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2015-0252.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1199103\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-March/153887.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?46729a4f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-xerces-c package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-xerces-c\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"mingw-xerces-c-3.1.1-9.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-xerces-c\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:45:21", "references": ["http://www.nessus.org/u?1bbe890b"], "pluginID": "84445", "description": "An updated xerces-c package that fixes one security issue is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nXerces-C is a validating XML parser written in a portable subset of C++.\n\nA flaw was found in the way the Xerces-C XML parser processed certain XML documents. A remote attacker could provide specially crafted XML input that, when parsed by an application using Xerces-C, would cause that application to crash. (CVE-2015-0252)\n\nAll xerces-c users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.", "edition": 5, "reporter": "Tenable", "published": "2015-06-30T00:00:00", "title": "CentOS 7 : xerces-c (CESA-2015:1193)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0252"], "modified": "2018-07-02T00:00:00", "cpe": ["cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:xerces-c", "p-cpe:/a:centos:centos:xerces-c-devel", "p-cpe:/a:centos:centos:xerces-c-doc"], "id": "CENTOS_RHSA-2015-1193.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84445", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1193 and \n# CentOS Errata and Security Advisory 2015:1193 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84445);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/07/02 18:48:53\");\n\n script_cve_id(\"CVE-2015-0252\");\n script_bugtraq_id(73252);\n script_xref(name:\"RHSA\", value:\"2015:1193\");\n\n script_name(english:\"CentOS 7 : xerces-c (CESA-2015:1193)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated xerces-c package that fixes one security issue is now\navailable for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nXerces-C is a validating XML parser written in a portable subset of\nC++.\n\nA flaw was found in the way the Xerces-C XML parser processed certain\nXML documents. A remote attacker could provide specially crafted XML\ninput that, when parsed by an application using Xerces-C, would cause\nthat application to crash. (CVE-2015-0252)\n\nAll xerces-c users are advised to upgrade to this updated package,\nwhich contains a backported patch to correct this issue.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2015-June/021228.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1bbe890b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xerces-c packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xerces-c\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xerces-c-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xerces-c-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"xerces-c-3.1.1-7.el7_1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"xerces-c-devel-3.1.1-7.el7_1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"xerces-c-doc-3.1.1-7.el7_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:38:13", "references": ["http://www.nessus.org/u?d7f618e2"], "pluginID": "84541", "description": "A flaw was found in the way the Xerces-C XML parser processed certain XML documents. A remote attacker could provide specially crafted XML input that, when parsed by an application using Xerces-C, would cause that application to crash. (CVE-2015-0252)", "edition": 4, "reporter": "Tenable", "published": "2015-07-06T00:00:00", "title": "Scientific Linux Security Update : xerces-c on SL7.x x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0252"], "modified": "2015-07-06T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20150629_XERCES_C_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84541", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84541);\n script_version(\"$Revision: 2.1 $\");\n script_cvs_date(\"$Date: 2015/07/06 13:45:36 $\");\n\n script_cve_id(\"CVE-2015-0252\");\n\n script_name(english:\"Scientific Linux Security Update : xerces-c on SL7.x x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way the Xerces-C XML parser processed certain\nXML documents. A remote attacker could provide specially crafted XML\ninput that, when parsed by an application using Xerces-C, would cause\nthat application to crash. (CVE-2015-0252)\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1506&L=scientific-linux-errata&F=&S=&P=14887\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d7f618e2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"xerces-c-3.1.1-7.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"xerces-c-debuginfo-3.1.1-7.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"xerces-c-devel-3.1.1-7.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"xerces-c-doc-3.1.1-7.el7_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:53:06", "references": ["http://www.nessus.org/u?760a4166", "https://bugzilla.redhat.com/show_bug.cgi?id=1199103"], "pluginID": "82439", "description": "Security fix for CVE-2015-0252.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2015-03-31T00:00:00", "title": "Fedora 21 : mingw-xerces-c-3.1.1-11.fc21 (2015-4321)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0252"], "modified": "2015-10-19T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:21", "p-cpe:/a:fedoraproject:fedora:mingw-xerces-c"], "id": "FEDORA_2015-4321.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82439", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-4321.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82439);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:06:18 $\");\n\n script_cve_id(\"CVE-2015-0252\");\n script_bugtraq_id(73252);\n script_xref(name:\"FEDORA\", value:\"2015-4321\");\n\n script_name(english:\"Fedora 21 : mingw-xerces-c-3.1.1-11.fc21 (2015-4321)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2015-0252.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1199103\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-March/153903.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?760a4166\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-xerces-c package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-xerces-c\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"mingw-xerces-c-3.1.1-11.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-xerces-c\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:57:13", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1199103", "http://www.nessus.org/u?324af1db"], "pluginID": "82285", "description": "Update to xerces-c 3.1.2, fixing CVE-2015-0252.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2015-03-27T00:00:00", "title": "Fedora 22 : mingw-xerces-c-3.1.2-1.fc22 (2015-4272)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0252"], "modified": "2015-10-19T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw-xerces-c", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2015-4272.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82285", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-4272.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82285);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:06:18 $\");\n\n script_cve_id(\"CVE-2015-0252\");\n script_bugtraq_id(73252);\n script_xref(name:\"FEDORA\", value:\"2015-4272\");\n\n script_name(english:\"Fedora 22 : mingw-xerces-c-3.1.2-1.fc22 (2015-4272)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to xerces-c 3.1.2, fixing CVE-2015-0252.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1199103\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-March/153094.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?324af1db\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-xerces-c package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-xerces-c\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"mingw-xerces-c-3.1.2-1.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-xerces-c\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:56:49", "references": ["http://www.nessus.org/u?7bc9eb9b", "https://bugzilla.suse.com/920810", "http://support.novell.com/security/cve/CVE-2015-0252.html"], "pluginID": "83706", "description": "The Xerces-C XML parsing library was updated to fix mishandling certain kinds of malformed input documents, that could have resulted in a segmentation faults during a parse operation, leading to denial of service or potential code execution. (bnc#920810,CVE-2015-0252)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2015-05-20T00:00:00", "title": "SUSE SLED12 Security Update : Xerces-C (SUSE-SU-2015:0597-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0252"], "modified": "2018-07-31T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:xerces-c-debuginfo", "p-cpe:/a:novell:suse_linux:libxerces-c-3_1", "p-cpe:/a:novell:suse_linux:libxerces-c", "p-cpe:/a:novell:suse_linux:xerces-c-debugsource", "p-cpe:/a:novell:suse_linux:libxerces-c-3_1-debuginfo"], "id": "SUSE_SU-2015-0597-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83706", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:0597-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83706);\n script_version(\"2.5\");\n script_cvs_date(\"Date: 2018/07/31 17:27:54\");\n\n script_cve_id(\"CVE-2015-0252\");\n script_bugtraq_id(73252);\n\n script_name(english:\"SUSE SLED12 Security Update : Xerces-C (SUSE-SU-2015:0597-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Xerces-C XML parsing library was updated to fix mishandling\ncertain kinds of malformed input documents, that could have resulted\nin a segmentation faults during a parse operation, leading to denial\nof service or potential code execution. (bnc#920810,CVE-2015-0252)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0252.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/920810\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20150597-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7bc9eb9b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12 :\n\nzypper in -t patch SUSE-SLE-WE-12-2015-144=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-144=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxerces-c\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxerces-c-3_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxerces-c-3_1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xerces-c-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xerces-c-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLED12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED12\" && (! ereg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libxerces-c-3_1-3.1.1-4.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libxerces-c-3_1-32bit-3.1.1-4.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libxerces-c-3_1-debuginfo-3.1.1-4.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libxerces-c-3_1-debuginfo-32bit-3.1.1-4.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"xerces-c-debuginfo-3.1.1-4.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"xerces-c-debugsource-3.1.1-4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Xerces-C\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "packetstorm": [{"lastseen": "2016-12-05T22:22:18", "references": [], "edition": 1, "description": "", "reporter": "beford", "published": "2015-05-05T00:00:00", "type": "packetstorm", "title": "Apache Xerces-C XML Parser Denial Of Service", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2015-0252"], "modified": "2015-05-05T00:00:00", "href": "https://packetstormsecurity.com/files/131756/Apache-Xerces-C-XML-Parser-Denial-Of-Service.html", "id": "PACKETSTORM:131756", "sourceData": "`# Exploit Title: Apache Xerces-C XML Parser (< 3.1.2) DoS POC \n# Date: 2015-05-03 \n# Exploit Author: beford \n# Vendor Homepage: http://xerces.apache.org/#xerces-c \n# Version: Versions prior to 3.1.2 \n# Tested on: Ubuntu 15.04 \n# CVE : CVE-2015-0252 \n \nApache Xerces-C XML Parser Crashes on Malformed Input \n \nI believe this to be the same issue that was reported on CVE-2015-0252, \nposting this in case anyone is interested in reproducing it. \n \nOriginal advisory: \nhttps://xerces.apache.org/xerces-c/secadv/CVE-2015-0252.txt \n \n$ printf \"\\xff\\xfe\\x00\\x00\\x3c\" > file.xml \n \n$ DOMPrint ./file.xml # Ubuntu 15.04 libxerces-c3.1 package \nSegmentation fault \n \n$ ./DOMPrint ./file.xml # ASAN Enabled build \n================================================================= \n==6831==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb5d9d87c \nat pc 0x836a721 bp 0xbf8127a8 sp 0xbf812798 \nREAD of size 1 at 0xb5d9d87c thread T0 \n#0 0x836a720 in xercesc_3_1::XMLReader::refreshRawBuffer() \nxercesc/internal/XMLReader.cpp:1719 \n#1 0x836a720 in xercesc_3_1::XMLReader::xcodeMoreChars(unsigned short*, \nunsigned char*, unsigned int) xercesc/internal/XMLReader.cpp:1761 \n#2 0x837183f in xercesc_3_1::XMLReader::refreshCharBuffer() \nxercesc/internal/XMLReader.cpp:576 \n#3 0x837183f in xercesc_3_1::XMLReader::peekString(unsigned short \nconst*) xercesc/internal/XMLReader.cpp:1223 \n#4 0x83ad0ae in xercesc_3_1::ReaderMgr::peekString(unsigned short \nconst*) xercesc/internal/ReaderMgr.hpp:385 \n#5 0x83ad0ae in xercesc_3_1::XMLScanner::checkXMLDecl(bool) \nxercesc/internal/XMLScanner.cpp:1608 \n#6 0x83b6469 in xercesc_3_1::XMLScanner::scanProlog() \nxercesc/internal/XMLScanner.cpp:1244 \n#7 0x8d69220 in \nxercesc_3_1::IGXMLScanner::scanDocument(xercesc_3_1::InputSource const&) \nxercesc/internal/IGXMLScanner.cpp:206 \n#8 0x83cd3e7 in xercesc_3_1::XMLScanner::scanDocument(unsigned short \nconst*) xercesc/internal/XMLScanner.cpp:400 \n#9 0x83ce728 in xercesc_3_1::XMLScanner::scanDocument(char const*) \nxercesc/internal/XMLScanner.cpp:408 \n#10 0x849afc5 in xercesc_3_1::AbstractDOMParser::parse(char const*) \nxercesc/parsers/AbstractDOMParser.cpp:601 \n#11 0x8050bf2 in main src/DOMPrint/DOMPrint.cpp:398 \n#12 0xb6f5272d in __libc_start_main \n(/lib/i386-linux-gnu/libc.so.6+0x1872d) \n#13 0x805d3b5 (/ramdisk/DOMPrint+0x805d3b5) \n \n0xb5d9d87c is located 0 bytes to the right of 163964-byte region \n[0xb5d75800,0xb5d9d87c) \nallocated by thread T0 here: \n#0 0xb72c3ae4 in operator new(unsigned int) \n(/usr/lib/i386-linux-gnu/libasan.so.1+0x51ae4) \n#1 0x8340cce in xercesc_3_1::MemoryManagerImpl::allocate(unsigned int) \nxercesc/internal/MemoryManagerImpl.cpp:40 \n#2 0x8094cb2 in xercesc_3_1::XMemory::operator new(unsigned int, \nxercesc_3_1::MemoryManager*) xercesc/util/XMemory.cpp:68 \n#3 0x8daaaa7 in \nxercesc_3_1::IGXMLScanner::scanReset(xercesc_3_1::InputSource const&) \nxercesc/internal/IGXMLScanner2.cpp:1284 \n#4 0x8d6912a in \nxercesc_3_1::IGXMLScanner::scanDocument(xercesc_3_1::InputSource const&) \nxercesc/internal/IGXMLScanner.cpp:198 \n#5 0x83cd3e7 in xercesc_3_1::XMLScanner::scanDocument(unsigned short \nconst*) xercesc/internal/XMLScanner.cpp:400 \n#6 0x83ce728 in xercesc_3_1::XMLScanner::scanDocument(char const*) \nxercesc/internal/XMLScanner.cpp:408 \n#7 0x849afc5 in xercesc_3_1::AbstractDOMParser::parse(char const*) \nxercesc/parsers/AbstractDOMParser.cpp:601 \n#8 0x8050bf2 in main src/DOMPrint/DOMPrint.cpp:398 \n#9 0xb6f5272d in __libc_start_main \n(/lib/i386-linux-gnu/libc.so.6+0x1872d) \n \nSUMMARY: AddressSanitizer: heap-buffer-overflow \nxercesc/internal/XMLReader.cpp:1719 \nxercesc_3_1::XMLReader::refreshRawBuffer() \n \n`\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://packetstormsecurity.com/files/download/131756/apachexercescxml-dos.txt"}], "kaspersky": [{"lastseen": "2018-10-18T16:04:52", "references": [], "description": "### *CVSS*:\n5.0\n\n### *Detect date*:\n03/24/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nAn unspecified vulnerability was found in Apache Xerces-C. By exploiting this vulnerability malicious users can cause denial of service. This vulnerability can be exploited remotely via a specially designed XML data.\n\n### *Affected products*:\nApache Xerces-C versions earlier than 3.1.2\n\n### *Solution*:\nUpdate to latest version! \n[Get Apache Xerces-C](<http://xerces.apache.org/xerces-c/download.cgi>)\n\n### *Original advisories*:\n[Apache bulletin](<http://xerces.apache.org/xerces-c/secadv/CVE-2015-0252.txt>) \n\n\n### *Impacts*:\nDoS \n\n### *Related products*:\n[Xerces](<https://threats.kaspersky.com/en/product/Xerces/>)\n\n### *CVE-IDS*:\n[CVE-2015-0252](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0252>)", "edition": 17, "reporter": "Kaspersky Lab", "published": "2015-03-24T00:00:00", "title": "\r KLA10496Denial of service vulnerability in Apache Xerces ", "type": "kaspersky", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "info", "cvelist": ["CVE-2015-0252"], "modified": "2018-10-16T00:00:00", "id": "KLA10496", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10496", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "centos": [{"lastseen": "2017-10-03T18:25:28", "references": ["https://rhn.redhat.com/errata/RHSA-2015-1193.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "7", "packageVersion": "3.1.1-7.el7_1", "packageFilename": "xerces-c-3.1.1-7.el7_1.src.rpm", "packageName": "xerces-c", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "3.1.1-7.el7_1", "packageFilename": "xerces-c-doc-3.1.1-7.el7_1.noarch.rpm", "packageName": "xerces-c-doc", "arch": "noarch", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "3.1.1-7.el7_1", "packageFilename": "xerces-c-3.1.1-7.el7_1.i686.rpm", "packageName": "xerces-c", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "3.1.1-7.el7_1", "packageFilename": "xerces-c-devel-3.1.1-7.el7_1.x86_64.rpm", "packageName": "xerces-c-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "3.1.1-7.el7_1", "packageFilename": "xerces-c-devel-3.1.1-7.el7_1.i686.rpm", "packageName": "xerces-c-devel", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "3.1.1-7.el7_1", "packageFilename": "xerces-c-3.1.1-7.el7_1.x86_64.rpm", "packageName": "xerces-c", "arch": "x86_64", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2015:1193\n\n\nXerces-C is a validating XML parser written in a portable subset of C++.\n\nA flaw was found in the way the Xerces-C XML parser processed certain XML\ndocuments. A remote attacker could provide specially crafted XML input\nthat, when parsed by an application using Xerces-C, would cause that\napplication to crash. (CVE-2015-0252)\n\nAll xerces-c users are advised to upgrade to this updated package, which\ncontains a backported patch to correct this issue.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-June/021228.html\n\n**Affected packages:**\nxerces-c\nxerces-c-devel\nxerces-c-doc\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1193.html", "edition": 1, "reporter": "CentOS Project", "published": "2015-06-29T16:37:38", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "xerces security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0252"], "modified": "2015-06-29T16:37:38", "href": "http://lists.centos.org/pipermail/centos-announce/2015-June/021228.html", "id": "CESA-2015:1193", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:41:22", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.1.1-7.el7_1", "arch": "i686", "packageFilename": "xerces-c-3.1.1-7.el7_1.i686.rpm", "packageName": "xerces-c", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.1.1-7.el7_1", "arch": "noarch", "packageFilename": "xerces-c-doc-3.1.1-7.el7_1.noarch.rpm", "packageName": "xerces-c-doc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.1.1-7.el7_1", "arch": "x86_64", "packageFilename": "xerces-c-3.1.1-7.el7_1.x86_64.rpm", "packageName": "xerces-c", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.1.1-7.el7_1", "arch": "x86_64", "packageFilename": "xerces-c-devel-3.1.1-7.el7_1.x86_64.rpm", "packageName": "xerces-c-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.1.1-7.el7_1", "arch": "src", "packageFilename": "xerces-c-3.1.1-7.el7_1.src.rpm", "packageName": "xerces-c", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.1.1-7.el7_1", "arch": "i686", "packageFilename": "xerces-c-devel-3.1.1-7.el7_1.i686.rpm", "packageName": "xerces-c-devel", "operator": "lt"}], "description": "[3.1.1-7]\nResolves: rhbz#1217104 CVE-2015-0252", "edition": 3, "reporter": "Oracle", "published": "2015-06-29T00:00:00", "title": "xerces-c security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-0252"], "modified": "2015-06-29T00:00:00", "id": "ELSA-2015-1193", "href": "http://linux.oracle.com/errata/ELSA-2015-1193.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-04-15T16:21:14", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.1.1-7.el7_1", "arch": "x86_64", "packageFilename": "xerces-c-debuginfo-3.1.1-7.el7_1.x86_64.rpm", "packageName": "xerces-c-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.1.1-7.el7_1", "arch": "i686", "packageFilename": "xerces-c-debuginfo-3.1.1-7.el7_1.i686.rpm", "packageName": "xerces-c-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.1.1-7.el7_1", "arch": "src", "packageFilename": "xerces-c-3.1.1-7.el7_1.src.rpm", "packageName": "xerces-c", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.1.1-7.el7_1", "arch": "i686", "packageFilename": "xerces-c-devel-3.1.1-7.el7_1.i686.rpm", "packageName": "xerces-c-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.1.1-7.el7_1", "arch": "i686", "packageFilename": "xerces-c-3.1.1-7.el7_1.i686.rpm", "packageName": "xerces-c", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.1.1-7.el7_1", "arch": "x86_64", "packageFilename": "xerces-c-3.1.1-7.el7_1.x86_64.rpm", "packageName": "xerces-c", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.1.1-7.el7_1", "arch": "noarch", "packageFilename": "xerces-c-doc-3.1.1-7.el7_1.noarch.rpm", "packageName": "xerces-c-doc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.1.1-7.el7_1", "arch": "x86_64", "packageFilename": "xerces-c-devel-3.1.1-7.el7_1.x86_64.rpm", "packageName": "xerces-c-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.1.1-7.el7_1", "arch": "ppc64", "packageFilename": "xerces-c-debuginfo-3.1.1-7.el7_1.ppc64.rpm", "packageName": "xerces-c-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.1.1-7.el7_1", "arch": "ppc", "packageFilename": "xerces-c-debuginfo-3.1.1-7.el7_1.ppc.rpm", "packageName": "xerces-c-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.1.1-7.el7_1", "arch": "ppc64", "packageFilename": "xerces-c-devel-3.1.1-7.el7_1.ppc64.rpm", "packageName": "xerces-c-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.1.1-7.el7_1", "arch": "ppc", "packageFilename": "xerces-c-devel-3.1.1-7.el7_1.ppc.rpm", "packageName": "xerces-c-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.1.1-7.el7_1", "arch": "ppc", "packageFilename": "xerces-c-3.1.1-7.el7_1.ppc.rpm", "packageName": "xerces-c", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.1.1-7.el7_1", "arch": "ppc64", "packageFilename": "xerces-c-3.1.1-7.el7_1.ppc64.rpm", "packageName": "xerces-c", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.1.1-7.el7_1", "arch": "s390x", "packageFilename": "xerces-c-debuginfo-3.1.1-7.el7_1.s390x.rpm", "packageName": "xerces-c-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.1.1-7.el7_1", "arch": "s390", "packageFilename": "xerces-c-debuginfo-3.1.1-7.el7_1.s390.rpm", "packageName": "xerces-c-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.1.1-7.el7_1", "arch": "s390", "packageFilename": "xerces-c-devel-3.1.1-7.el7_1.s390.rpm", "packageName": "xerces-c-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.1.1-7.el7_1", "arch": "s390x", "packageFilename": "xerces-c-devel-3.1.1-7.el7_1.s390x.rpm", "packageName": "xerces-c-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.1.1-7.el7_1", "arch": "s390", "packageFilename": "xerces-c-3.1.1-7.el7_1.s390.rpm", "packageName": "xerces-c", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.1.1-7.el7_1", "arch": "s390x", "packageFilename": "xerces-c-3.1.1-7.el7_1.s390x.rpm", "packageName": "xerces-c", "operator": "lt"}], "description": "Xerces-C is a validating XML parser written in a portable subset of C++.\n\nA flaw was found in the way the Xerces-C XML parser processed certain XML\ndocuments. A remote attacker could provide specially crafted XML input\nthat, when parsed by an application using Xerces-C, would cause that\napplication to crash. (CVE-2015-0252)\n\nAll xerces-c users are advised to upgrade to this updated package, which\ncontains a backported patch to correct this issue.\n", "reporter": "RedHat", "published": "2015-06-29T04:00:00", "type": "redhat", "title": "(RHSA-2015:1193) Moderate: xerces-c security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-0252"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-04-12T03:33:05", "id": "RHSA-2015:1193", "href": "https://access.redhat.com/errata/RHSA-2015:1193", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:48", "references": ["https://bugs.archlinux.org/task/44272", "https://access.redhat.com/security/cve/CVE-2015-0252", "https://xerces.apache.org/xerces-c/secadv/CVE-2015-0252.txt"], "affectedPackage": [{"OS": "any", "OSVersion": "any", "packageVersion": "3.1.2-1", "packageName": "xerces-c", "arch": "any", "packageFilename": "UNKNOWN", "operator": "lt"}], "edition": 1, "description": "- CVE-2015-0252 (denial of service)\n\nThe Xerces-C XML parser mishandles certain kinds of malformed input\ndocuments, resulting in a segmentation fault during a parse operation.\nThe bug does not appear to allow for remote code execution, but is a\ndenial of service attack that in many applications may allow for an\nunauthenticated attacker to supply malformed input and cause a crash.", "reporter": "Arch Linux", "published": "2015-03-20T00:00:00", "title": "xerces-c: denial of service", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "archlinux", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0252"], "modified": "2015-03-20T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-March/000260.html", "id": "ASA-201503-19", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "oracle": [{"lastseen": "2018-10-20T04:31:57", "references": [], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n \n\n * [Critical Patch Updates, Security Alerts and Bulletins](<https://www.oracle.com/securityalerts>) for information about Oracle Security Advisories.\n\n \n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 301 new security fixes across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ October 2018 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2456979.1>).\n", "edition": 4, "reporter": "Oracle", "published": "2018-10-19T00:00:00", "title": "CPU Oct 2018", "type": "oracle", "enchantments": {"score": {"modified": "2018-10-20T04:31:57", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Java SE, Java SE Embedded, JRockit", "version": "6u201", "operator": "le"}, {"name": "Oracle GoldenGate for Big Data", "version": "12.3.2.1", "operator": "le"}, {"name": "Oracle Customer Interaction History", "version": "12.1.3", "operator": "le"}, {"name": "Enterprise Manager Ops Center", "version": "12.2.2", "operator": "le"}, {"name": "Oracle WebCenter Portal", "version": "11.1.1.9.0", "operator": "le"}, {"name": "Oracle iLearning", "version": "6.1", "operator": "le"}, {"name": "Oracle Endeca Information Discovery Studio", "version": "3.1.0", "operator": "le"}, {"name": "Oracle Retail Order Broker", "version": "16.0", "operator": "le"}, {"name": "BI Publisher (formerly XML Publisher)", "version": "11.1.1.9.0", "operator": "le"}, {"name": "Oracle Agile PLM", "version": "9.3.6", "operator": "le"}, {"name": "Primavera Unifier", "version": "18.1", "operator": "le"}, {"name": "Oracle Hospitality Reporting and Analytics", "version": "9.0", "operator": "le"}, {"name": "Oracle Retail Sales Audit", "version": "15.0", "operator": "le"}, {"name": "Oracle WebCenter Sites", "version": "11.1.1.8.0", "operator": "le"}, {"name": "Oracle Retail Back Office", "version": "13.3", "operator": "le"}, {"name": "Oracle Hospitality Guest Access", "version": "4.2.0", "operator": "le"}, {"name": "Oracle Banking Platform", "version": "2.6.1", "operator": "le"}, {"name": "Oracle Fusion Middleware MapViewer", "version": "12.1.3.0", "operator": "le"}, {"name": "Oracle Service Bus", "version": "12.2.1.3.0", "operator": "le"}, {"name": "Oracle iProcurement", "version": "12.2.5", "operator": "le"}, {"name": "Java SE, Java SE Embedded", "version": "6u201", "operator": "le"}, {"name": "Primavera P6 Enterprise Project Portfolio Management", "version": "17.7", "operator": "le"}, {"name": "Oracle Retail Xstore Point of Service", "version": "17.0.2", "operator": "le"}, {"name": "Oracle Text", "version": "12.2.0.1", "operator": "le"}, {"name": "MICROS XBRi", "version": "10.8.3", "operator": "le"}, {"name": "Oracle Email Center", "version": "12.1.3", "operator": "le"}, {"name": "Oracle Insurance Rules Palette", "version": "11.1", "operator": "le"}, {"name": "Oracle User Management", "version": "12.2.6", "operator": "le"}, {"name": "Oracle Hospitality Cruise Fleet Management", "version": "9.0", "operator": "le"}, {"name": "Spatial", "version": "2.1", "operator": "le"}, {"name": "Primavera Gateway", "version": "15.2", "operator": "le"}, {"name": "Java SE", "version": "8u181", "operator": "le"}, {"name": "Oracle Retail Returns Management", "version": "14.1", "operator": "le"}, {"name": "MySQL Enterprise Monitor", "version": "8.0.2.8191", "operator": "le"}, {"name": "Oracle Marketing", "version": "12.1.1", "operator": "le"}, {"name": "Oracle Application Object Library", "version": "12.2.3", "operator": "le"}, {"name": "Oracle Communications Application Session Controller", "version": "3.7.1M0", "operator": "le"}, {"name": "Java VM", "version": "11.2.0.4", "operator": "le"}, {"name": "Oracle Retail Xstore Point of Service", "version": "15.0.2", "operator": "le"}, {"name": "Oracle Marketing", "version": "12.2.4", "operator": "le"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "8.57", "operator": "le"}, {"name": "Oracle Hospitality Gift and Loyalty", "version": "9.1", "operator": "le"}, {"name": "Oracle Identity Analytics", "version": "11.1.1.5.8", "operator": "le"}, {"name": "Siebel UI Framework", "version": "18.9", "operator": "le"}, {"name": "Oracle Banking Platform", "version": "2.6.0", "operator": "le"}, {"name": "Oracle Marketing", "version": "12.2.6", "operator": "le"}, {"name": "Java SE, Java SE Embedded, JRockit", "version": "8u181", "operator": "le"}, {"name": "Application Management Pack for Oracle E-Business Suite", "version": "12.1.3", "operator": "le"}, {"name": "Enterprise Manager Ops Center", "version": "12.3.3", "operator": "le"}, {"name": "Oracle Retail Back Office", "version": "14.1", "operator": "le"}, {"name": "MySQL Server", "version": "8.0.12", "operator": "le"}, {"name": "Primavera P6 Enterprise Project Portfolio Management", "version": "15.2", "operator": "le"}, {"name": "JD Edwards EnterpriseOne Tools", "version": "9.2", "operator": "le"}, {"name": "Oracle Hospitality Guest Access", "version": "4.2.1", "operator": "le"}, {"name": "Oracle Business Intelligence Enterprise Edition", "version": "12.2.1.4.0", "operator": "le"}, {"name": "PeopleSoft Enterprise Interaction Hub", "version": "9.1.0.0", "operator": "le"}, {"name": "Oracle Insurance Rules Palette", "version": "10.1", "operator": "le"}, {"name": "Primavera Unifier", "version": "17.1", "operator": "le"}, {"name": "Java SE, Java SE Embedded, JRockit", "version": "11", "operator": "le"}, {"name": "Spatial", "version": "2.0", "operator": "le"}, {"name": "Oracle Applications Manager", "version": "12.2.4", "operator": "le"}, {"name": "MySQL Server", "version": "5.5.61", "operator": "le"}, {"name": "Oracle WebCenter Portal", "version": "12.2.1.3.0", "operator": "le"}, {"name": "Oracle Business Intelligence Enterprise Edition", "version": "12.2.1.3.0", "operator": "le"}, {"name": "Oracle Retail Order Broker", "version": "15.0", "operator": "le"}, {"name": "Oracle Hospitality Cruise Shipboard Property Management System", "version": "8.0", "operator": "le"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "8.55", "operator": "le"}, {"name": "Oracle Endeca Information Discovery Integrator", "version": "3.2.0", "operator": "le"}, {"name": "Oracle Identity Manager", "version": "11.1.2.3.0", "operator": "le"}, {"name": "Solaris", "version": "11.4", "operator": "le"}, {"name": "Oracle Trade Management", "version": "12.2.7", "operator": "le"}, {"name": "Oracle iStore", "version": "12.2.4", "operator": "le"}, {"name": "Oracle GoldenGate for Big Data", "version": "12.3.1.1", "operator": "le"}, {"name": "Primavera Unifier", "version": "15.1", "operator": "le"}, {"name": "Oracle Partner Management", "version": "12.2.5", "operator": "le"}, {"name": "Oracle Partner Management", "version": "12.1.3", "operator": "le"}, {"name": "Oracle Virtual Directory", "version": "11.1.1.9.0", "operator": "le"}, {"name": "Oracle Retail Order Broker", "version": "5.1", "operator": "le"}, {"name": "Oracle Identity Management Suite", "version": "12.2.1.3.0", "operator": "le"}, {"name": "Oracle Insurance Calculation Engine", "version": "10.2.1", "operator": "le"}, {"name": "Enterprise Manager for MySQL Database", "version": "13.2", "operator": "le"}, {"name": "Oracle Applications Framework", "version": "12.2.7", "operator": "le"}, {"name": "Oracle Communications Performance Intelligence Center (PIC) Software", "version": "10.2.1", "operator": "le"}, {"name": "Primavera Gateway", "version": "17.12", "operator": "le"}, {"name": "Oracle Email Center", "version": "12.2.3", "operator": "le"}, {"name": "Oracle Banking Platform", "version": "2.5.0", "operator": "le"}, {"name": "Oracle Email Center", "version": "12.2.7", "operator": "le"}, {"name": "Oracle Enterprise Repository", "version": "11.1.1.7.0", "operator": "le"}, {"name": "Java SE", "version": "11", "operator": "le"}, {"name": "Oracle Email Center", "version": "12.1.1", "operator": "le"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "8.56", "operator": "le"}, {"name": "Java SE, Java SE Embedded, JRockit", "version": "7u191", "operator": "le"}, {"name": "Oracle Email Center", "version": "12.2.6", "operator": "le"}, {"name": "Oracle Applications Framework", "version": "12.1.3", "operator": "le"}, {"name": "Oracle Retail Predictive Application Server", "version": "14.0", "operator": "le"}, {"name": "Oracle iStore", "version": "12.1.3", "operator": "le"}, {"name": "Oracle iStore", "version": "12.2.3", "operator": "le"}, {"name": "Oracle Hospitality Reporting and Analytics", "version": "9.1", "operator": "le"}, {"name": "Oracle Retail Open Commerce Platform", "version": "5.3", "operator": "le"}, {"name": "Oracle User Management", "version": "12.2.4", "operator": "le"}, {"name": "Oracle E-Business Intelligence", "version": "12.1.1", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "12.1.3.0", "operator": "le"}, {"name": "Oracle Retail Invoice Matching", "version": "16.0", "operator": "le"}, {"name": "Primavera Gateway", "version": "16.2", "operator": "le"}, {"name": "Enterprise Manager Base Platform", "version": "13.2", "operator": "le"}, {"name": "Application Management Pack for Oracle E-Business Suite", "version": "12.2.5", "operator": "le"}, {"name": "Oracle iProcurement", "version": "12.2.7", "operator": "le"}, {"name": "Oracle Communications Instant Messaging Server", "version": "10.0.1", "operator": "le"}, {"name": "Oracle Communications User Data Repository", "version": "12.2.0", "operator": "le"}, {"name": "Oracle API Gateway", "version": "11.1.2.4.0", "operator": "le"}, {"name": "Oracle User Management", "version": "12.2.7", "operator": "le"}, {"name": "Oracle iProcurement", "version": "12.2.4", "operator": "le"}, {"name": "Oracle Enterprise Repository", "version": "12.1.3.0.0", "operator": "le"}, {"name": "Oracle Retail Allocation", "version": "15.0", "operator": "le"}, {"name": "Oracle Retail Central Office", "version": "14.1", "operator": "le"}, {"name": "JD Edwards EnterpriseOne Orchestrator", "version": "9.2", "operator": "le"}, {"name": "Oracle Banking Platform", "version": "2.6.2", "operator": "le"}, {"name": "Java VM", "version": "12.1.0.2", "operator": "le"}, {"name": "Oracle Agile PLM", "version": "9.3.4", "operator": "le"}, {"name": "Oracle Partner Management", "version": "12.2.6", "operator": "le"}, {"name": "Oracle Partner Management", "version": "12.1.2", "operator": "le"}, {"name": "Primavera P6 Enterprise Project Portfolio Management", "version": "8.4", "operator": "le"}, {"name": "Oracle Adaptive Access Manager", "version": "11.1.1.7.0", "operator": "le"}, {"name": "Primavera P6 Enterprise Project Portfolio Management", "version": "15.1", "operator": "le"}, {"name": "MICROS XBRi", "version": "10.8.1", "operator": "le"}, {"name": "Oracle Retail Financial Integration", "version": "14.1", "operator": "le"}, {"name": "Hyperion Common Events", "version": "11.1.2.4", "operator": "le"}, {"name": "Oracle Applications Manager", "version": "12.1.3", "operator": "le"}, {"name": "Oracle Partner Management", "version": "12.1.1", "operator": "le"}, {"name": "Solaris", "version": "10", "operator": "le"}, {"name": "Oracle Demantra Demand Management", "version": "12.2", "operator": "le"}, {"name": "Oracle Endeca Information Discovery Studio", "version": "3.2.0", "operator": "le"}, {"name": "Oracle GoldenGate", "version": "12.1.2.1.0", "operator": "le"}, {"name": "Oracle iProcurement", "version": "12.2.6", "operator": "le"}, {"name": "BI Publisher (formerly XML Publisher)", "version": "12.2.1.4.0", "operator": "le"}, {"name": "Oracle User Management", "version": "12.1.3", "operator": "le"}, {"name": "Oracle Insurance Rules Palette", "version": "11.0", "operator": "le"}, {"name": "OSS Support Tools", "version": "18.4", "operator": "le"}, {"name": "Oracle Retail Point-of-Service", "version": "14.1", "operator": "le"}, {"name": "Oracle Retail Predictive Application Server", "version": "16.0", "operator": "le"}, {"name": "MICROS Retail-J", "version": "12.1.2", "operator": "le"}, {"name": "Instantis EnterpriseTrack", "version": "17.3", "operator": "le"}, {"name": "Oracle iLearning", "version": "6.2", "operator": "le"}, {"name": "Oracle Retail Assortment Planning", "version": "14.1", "operator": "le"}, {"name": "Oracle Retail Customer Management and Segmentation Foundation", "version": "17.0", "operator": "le"}, {"name": "Oracle GoldenGate", "version": "12.2.0.2.0", "operator": "le"}, {"name": "Siebel UI Framework", "version": "18.8", "operator": "le"}, {"name": "Primavera P6 Enterprise Project Portfolio Management", "version": "16.2", "operator": "le"}, {"name": "Oracle Agile Engineering Data Management", "version": "6.2.0", "operator": "le"}, {"name": "MICROS Lucas", "version": "2.9.5", "operator": "le"}, {"name": "Oracle iStore", "version": "12.2.5", "operator": "le"}, {"name": "MICROS PC Workstation 2015", "version": "01.3.0.2i", "operator": "le"}, {"name": "MICROS XBRi", "version": "10.5.0", "operator": "le"}, {"name": "Oracle Agile Product Lifecycle Management for Process", "version": "6.2.0.0", "operator": "le"}, {"name": "Oracle Email Center", "version": "12.1.2", "operator": "le"}, {"name": "Siebel Apps - Marketing", "version": "18.9", "operator": "le"}, {"name": "Oracle Applications Framework", "version": "12.2.3", "operator": "le"}, {"name": "BI Publisher (formerly XML Publisher)", "version": "12.2.1.3.0", "operator": "le"}, {"name": "Oracle Retail Assortment Planning", "version": "15.0", "operator": "le"}, {"name": "Oracle iProcurement", "version": "12.1.1", "operator": "le"}, {"name": "Oracle Retail Invoice Matching", "version": "15.0", "operator": "le"}, {"name": "Oracle Trade Management", "version": "12.2.4", "operator": "le"}, {"name": "BI Publisher (formerly XML Publisher)", "version": "11.1.1.7.0", "operator": "le"}, {"name": "Oracle Retail Open Commerce Platform", "version": "6.0", "operator": "le"}, {"name": "Oracle Trade Management", "version": "12.2.5", "operator": "le"}, {"name": "Java VM", "version": "18c", "operator": "le"}, {"name": "Oracle Applications Manager", "version": "12.2.7", "operator": "le"}, {"name": "Oracle Text", "version": "12.1.0.2", "operator": "le"}, {"name": "Oracle Application Object Library", "version": "12.2.6", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "12.2.1.3", "operator": "le"}, {"name": "Oracle Retail Order Broker", "version": "5.0", "operator": "le"}, {"name": "Oracle Agile Engineering Data Management", "version": "6.1.3", "operator": "le"}, {"name": "Oracle Retail Integration Bus", "version": "14.1.2", "operator": "le"}, {"name": "Oracle User Management", "version": "12.2.3", "operator": "le"}, {"name": "Oracle Retail Extract Transform and Load", "version": "13.1", "operator": "le"}, {"name": "MICROS XBRi", "version": "10.6.0", "operator": "le"}, {"name": "Oracle iProcurement", "version": "12.2.3", "operator": "le"}, {"name": "Oracle Real-Time Decision Server", "version": "3.2.1", "operator": "le"}, {"name": "Primavera P6 Enterprise Project Portfolio Management", "version": "16.1", "operator": "le"}, {"name": "Oracle Email Center", "version": "12.2.4", "operator": "le"}, {"name": "Oracle Agile PLM", "version": "9.3.3", "operator": "le"}, {"name": "Oracle Hospitality Materials Control", "version": "18.1", "operator": "le"}, {"name": "Oracle Retail Order Broker", "version": "5.2", "operator": "le"}, {"name": "Oracle Trade Management", "version": "12.2.6", "operator": "le"}, {"name": "MySQL Server", "version": "5.7.23", "operator": "le"}, {"name": "MySQL Enterprise Monitor", "version": "4.0.6.5281", "operator": "le"}, {"name": "Oracle Endeca Server", "version": "7.7.0", "operator": "le"}, {"name": "Oracle Retail Financial Integration", "version": "16.0", "operator": "le"}, {"name": "Oracle Retail Xstore Point of Service", "version": "7.1.7", "operator": "le"}, {"name": "Oracle Insurance Rules Palette", "version": "10.2", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "12.2.1.3.20180913", "operator": "le"}, {"name": "Instantis EnterpriseTrack", "version": "17.1", "operator": "le"}, {"name": "Oracle Retail Point-of-Service", "version": "14.0", "operator": "le"}, {"name": "Oracle Retail Financial Integration", "version": "13.2", "operator": "le"}, {"name": "Oracle Retail Open Commerce Platform", "version": "6.0.0", "operator": "le"}, {"name": "Oracle Text", "version": "11.2.0.4", "operator": "le"}, {"name": "Oracle Retail Allocation", "version": "16.0", "operator": "le"}, {"name": "Oracle Marketing", "version": "12.1.3", "operator": "le"}, {"name": "Oracle Email Center", "version": "12.2.5", "operator": "le"}, {"name": "Oracle Application Object Library", "version": "12.2.7", "operator": "le"}, {"name": "Oracle WebCenter Sites", "version": "12.2.1.3.0", "operator": "le"}, {"name": "Oracle Communications Messaging Server", "version": "8.0.2", "operator": "le"}, {"name": "MICROS XBRi", "version": "10.7.0", "operator": "le"}, {"name": "Oracle Demantra Demand Management", "version": "7.3.5", "operator": "le"}, {"name": "MySQL Server", "version": "5.6.41", "operator": "le"}, {"name": "Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers", "version": "2352", "operator": "le"}, {"name": "Oracle Retail Open Commerce Platform", "version": "5.3.0", "operator": "le"}, {"name": "Oracle Marketing", "version": "12.1.2", "operator": "le"}, {"name": "Oracle Applications Manager", "version": "12.2.5", "operator": "le"}, {"name": "Oracle Retail Predictive Application Server", "version": "14.1", "operator": "le"}, {"name": "Hyperion Essbase Administration Services", "version": "11.1.2.4", "operator": "le"}, {"name": "Java SE, Java SE Embedded", "version": "7u191", "operator": "le"}, {"name": "Oracle Service Bus", "version": "12.1.3.0.0", "operator": "le"}, {"name": "Oracle Communications Performance Intelligence Center (PIC) Software", "version": "10.2.0", "operator": "le"}, {"name": "Primavera P6 Enterprise Project Portfolio Management", "version": "18.8", "operator": "le"}, {"name": "Rapid Home Provisioning", "version": "18c", "operator": "le"}, {"name": "Oracle HTTP Server", "version": "12.2.1.3", "operator": "le"}, {"name": "Oracle GoldenGate for Big Data", "version": "12.2.0.1", "operator": "le"}, {"name": "MICROS Retail-J", "version": "13.0.0", "operator": "le"}, {"name": "SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers", "version": "1123", "operator": "le"}, {"name": "Oracle Applications Framework", "version": "12.2.5", "operator": "le"}, {"name": "Oracle Trade Management", "version": "12.1.1", "operator": "le"}, {"name": "Oracle Retail Financial Integration", "version": "15.0", "operator": "le"}, {"name": "Oracle Agile PLM", "version": "9.3.5", "operator": "le"}, {"name": "Oracle Communications MetaSolv Solution", "version": "6.3.0", "operator": "le"}, {"name": "Siebel Apps - Marketing", "version": "18.8", "operator": "le"}, {"name": "Java SE, Java SE Embedded", "version": "8u181", "operator": "le"}, {"name": "Oracle Big Data Discovery", "version": "1.6.0", "operator": "le"}, {"name": "Oracle Application Object Library", "version": "12.2.5", "operator": "le"}, {"name": "Oracle Fusion Middleware MapViewer", "version": "12.2.1.3", "operator": "le"}, {"name": "Hyperion BI+", "version": "11.1.2.4", "operator": "le"}, {"name": "Oracle GoldenGate", "version": "12.3.0.1.0", "operator": "le"}, {"name": "Oracle Business Intelligence Enterprise Edition", "version": "11.1.1.9.0", "operator": "le"}, {"name": "Oracle E-Business Intelligence", "version": "12.1.3", "operator": "le"}, {"name": "Oracle E-Business Intelligence", "version": "12.1.2", "operator": "le"}, {"name": "Oracle Virtual Directory", "version": "11.1.1.7.0", "operator": "le"}, {"name": "Oracle Applications Manager", "version": "12.2.3", "operator": "le"}, {"name": "Oracle Marketing", "version": "12.2.3", "operator": "le"}, {"name": "Primavera Unifier", "version": "15.2", "operator": "le"}, {"name": "Oracle Adaptive Access Manager", "version": "11.1.2.3.0", "operator": "le"}, {"name": "Oracle Endeca Information Discovery Integrator", "version": "3.1.0", "operator": "le"}, {"name": "Oracle iProcurement", "version": "12.1.3", "operator": "le"}, {"name": "Oracle Insurance Calculation Engine", "version": "10.1.1", "operator": "le"}, {"name": "Application Management Pack for Oracle E-Business Suite", "version": "12.2.4", "operator": "le"}, {"name": "Oracle Trade Management", "version": "12.1.2", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "10.3.6.0", "operator": "le"}, {"name": "Hyperion Data Relationship Management", "version": "11.1.2.4.345", "operator": "le"}, {"name": "Oracle iStore", "version": "12.1.2", "operator": "le"}, {"name": "Siebel UI Framework", "version": "18.7", "operator": "le"}, {"name": "Oracle Configuration Manager", "version": "12.1.2.0.5", "operator": "le"}, {"name": "MICROS XBRi", "version": "10.8.2", "operator": "le"}, {"name": "Oracle Endeca Server", "version": "7.6.1", "operator": "le"}, {"name": "Oracle iProcurement", "version": "12.1.2", "operator": "le"}, {"name": "Oracle iStore", "version": "12.2.7", "operator": "le"}, {"name": "Oracle Business Intelligence Enterprise Edition", "version": "11.1.1.7.0", "operator": "le"}, {"name": "Application Management Pack for Oracle E-Business Suite", "version": "12.2.7", "operator": "le"}, {"name": "Oracle iStore", "version": "12.1.1", "operator": "le"}, {"name": "Oracle Retail Open Commerce Platform", "version": "6.0.1", "operator": "le"}, {"name": "Siebel Apps - Marketing", "version": "18.7", "operator": "le"}, {"name": "Oracle Application Object Library", "version": "12.1.3", "operator": "le"}, {"name": "Java VM", "version": "12.2.0.1", "operator": "le"}, {"name": "Java SE, Java SE Embedded", "version": "11", "operator": "le"}, {"name": "Primavera Unifier", "version": "16.1", "operator": "le"}, {"name": "Oracle Tuxedo", "version": "12.1.1.0", "operator": "le"}, {"name": "Enterprise Manager Base Platform", "version": "12.1.0.5", "operator": "le"}, {"name": "Oracle Identity Management Suite", "version": "11.1.2.3.0", "operator": "le"}, {"name": "Oracle VM VirtualBox", "version": "5.2.20", "operator": "le"}, {"name": "Oracle Customer Interaction History", "version": "12.1.1", "operator": "le"}, {"name": "Oracle Retail Xstore Point of Service", "version": "16.0.4", "operator": "le"}, {"name": "Oracle Retail Extract Transform and Load", "version": "13.0", "operator": "le"}, {"name": "Spatial", "version": "2.2", "operator": "le"}, {"name": "Oracle Identity Manager", "version": "12.2.1.3.0", "operator": "le"}, {"name": "Oracle Directory Server Enterprise Edition", "version": "11.1.1.7", "operator": "le"}, {"name": "MySQL Connectors", "version": "8.0.12", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3.7", "operator": "le"}, {"name": "Primavera Unifier", "version": "16.2", "operator": "le"}, {"name": "Oracle User Management", "version": "12.2.5", "operator": "le"}, {"name": "Oracle Partner Management", "version": "12.2.7", "operator": "le"}, {"name": "Oracle iStore", "version": "12.2.6", "operator": "le"}, {"name": "Oracle Outside In Technology", "version": "8.5.3", "operator": "le"}, {"name": "Oracle Customer Interaction History", "version": "12.1.2", "operator": "le"}, {"name": "Oracle Retail Back Office", "version": "14", "operator": "le"}, {"name": "Oracle Retail Financial Integration", "version": "14.0", "operator": "le"}, {"name": "Oracle Marketing", "version": "12.2.7", "operator": "le"}, {"name": "MICROS Relate CRM Software", "version": "10.8", "operator": "le"}, {"name": "Application Management Pack for Oracle E-Business Suite", "version": "12.2.6", "operator": "le"}, {"name": "Oracle Retail Predictive Application Server", "version": "15.0", "operator": "le"}, {"name": "Oracle Retail Customer Management and Segmentation Foundation", "version": "16.0", "operator": "le"}, {"name": "Oracle Applications Manager", "version": "12.2.6", "operator": "le"}, {"name": "Oracle Configuration Manager", "version": "12.1.2.0.2", "operator": "le"}, {"name": "MICROS Relate CRM Software", "version": "11.4", "operator": "le"}, {"name": "Oracle Trade Management", "version": "12.1.3", "operator": "le"}, {"name": "Oracle Retail Assortment Planning", "version": "16.0", "operator": "le"}, {"name": "Oracle Partner Management", "version": "12.2.3", "operator": "le"}, {"name": "Oracle Insurance Rules Palette", "version": "10.0", "operator": "le"}, {"name": "Oracle Retail Sales Audit", "version": "16.0", "operator": "le"}, {"name": "Oracle Applications Framework", "version": "12.2.4", "operator": "le"}, {"name": "Oracle Trade Management", "version": "12.2.3", "operator": "le"}, {"name": "Oracle Application Object Library", "version": "12.2.4", "operator": "le"}, {"name": "Oracle GlassFish Server", "version": "3.1.2", "operator": "le"}, {"name": "Solaris", "version": "11.3", "operator": "le"}, {"name": "Oracle Retail Back Office", "version": "13.4", "operator": "le"}, {"name": "Oracle Retail Xstore Point of Service", "version": "6.5.12", "operator": "le"}, {"name": "Oracle Agile Engineering Data Management", "version": "6.2.1", "operator": "le"}, {"name": "Oracle Marketing", "version": "12.2.5", "operator": "le"}, {"name": "Oracle Applications Framework", "version": "12.2.6", "operator": "le"}, {"name": "Oracle Retail Point-of-Service", "version": "13.4", "operator": "le"}, {"name": "Oracle Partner Management", "version": "12.2.4", "operator": "le"}, {"name": "MySQL Enterprise Monitor", "version": "3.4.9.4237", "operator": "le"}, {"name": "Instantis EnterpriseTrack", "version": "17.2", "operator": "le"}, {"name": "Oracle Retail Extract Transform and Load", "version": "13.2", "operator": "le"}, {"name": "Oracle Healthcare Translational Research", "version": "3.1.0", "operator": "le"}, {"name": "Application Management Pack for Oracle E-Business Suite", "version": "12.2.3", "operator": "le"}, {"name": "Oracle Hospitality Gift and Loyalty", "version": "9.0", "operator": "le"}, {"name": "Oracle Retail Xstore Point of Service", "version": "7.0.7", "operator": "le"}], "cvelist": ["CVE-2018-3170", "CVE-2018-3157", "CVE-2018-3138", "CVE-2018-3254", "CVE-2017-5533", "CVE-2018-3204", "CVE-2018-3141", "CVE-2017-7407", "CVE-2015-9251", "CVE-2016-8620", "CVE-2017-9798", "CVE-2016-8623", "CVE-2018-1000120", "CVE-2016-5244", "CVE-2018-0732", "CVE-2018-3183", "CVE-2015-0235", "CVE-2016-5420", "CVE-2018-3274", "CVE-2018-3271", "CVE-2018-1304", "CVE-2018-3297", "CVE-2018-3130", "CVE-2016-9840", "CVE-2018-3184", "CVE-2018-3227", "CVE-2018-3231", "CVE-2016-8615", "CVE-2016-8616", "CVE-2018-3188", "CVE-2018-3137", "CVE-2018-3174", "CVE-2018-3203", "CVE-2018-3154", "CVE-2016-5019", "CVE-2016-8619", "CVE-2015-3236", "CVE-2018-3189", "CVE-2018-1275", "CVE-2018-14048", "CVE-2018-3301", "CVE-2018-3294", "CVE-2018-3129", "CVE-2018-7489", "CVE-2018-3287", "CVE-2018-3180", "CVE-2018-3257", "CVE-2018-3280", "CVE-2018-3293", "CVE-2018-3247", "CVE-2018-3239", "CVE-2018-2911", "CVE-2018-3270", "CVE-2018-3249", "CVE-2018-3259", "CVE-2018-3167", "CVE-2018-3236", "CVE-2018-3292", "CVE-2017-3735", "CVE-2018-2912", "CVE-2018-3175", "CVE-2018-3250", "CVE-2014-0014", "CVE-2018-3299", "CVE-2018-1271", "CVE-2016-5080", "CVE-2018-3256", "CVE-2018-3136", "CVE-2018-3246", "CVE-2018-3152", "CVE-2016-8618", "CVE-2018-1000121", "CVE-2018-3285", "CVE-2018-3115", "CVE-2018-3263", "CVE-2018-11039", "CVE-2018-3282", "CVE-2018-3218", "CVE-2018-3150", "CVE-2018-3145", "CVE-2018-3132", "CVE-2018-3190", "CVE-2016-7141", "CVE-2018-3220", "CVE-2018-11307", "CVE-2018-3133", "CVE-2018-2889", "CVE-2018-3128", "CVE-2018-3214", "CVE-2018-3182", "CVE-2018-3211", "CVE-2018-3210", "CVE-2016-0729", "CVE-2018-3233", "CVE-2018-3209", "CVE-2018-3131", "CVE-2018-3302", "CVE-2016-0635", "CVE-2016-0755", "CVE-2016-2107", "CVE-2018-3267", "CVE-2018-3261", "CVE-2015-7501", "CVE-2018-3219", "CVE-2018-3291", "CVE-2018-3244", "CVE-2018-3265", "CVE-2018-3266", "CVE-2018-3193", "CVE-2018-3144", "CVE-2018-3206", "CVE-2018-3298", "CVE-2016-8617", "CVE-2016-9842", "CVE-2018-12022", "CVE-2018-3212", "CVE-2018-8014", "CVE-2016-1182", "CVE-2015-3153", "CVE-2018-1258", "CVE-2018-3234", "CVE-2018-3255", "CVE-2018-3226", "CVE-2018-1000122", "CVE-2018-3173", "CVE-2018-3215", "CVE-2018-3248", "CVE-2018-1305", "CVE-2018-3187", "CVE-2018-3276", "CVE-2018-3156", "CVE-2018-3241", "CVE-2018-3228", "CVE-2018-11776", "CVE-2018-3122", "CVE-2018-13785", "CVE-2018-3011", "CVE-2018-3139", "CVE-2017-7805", "CVE-2018-3223", "CVE-2018-3205", "CVE-2018-3230", "CVE-2018-1257", "CVE-2018-3213", "CVE-2017-5715", "CVE-2018-3161", "CVE-2018-3290", "CVE-2018-3201", "CVE-2018-1000300", "CVE-2018-3251", "CVE-2018-3225", "CVE-2018-2902", "CVE-2018-3163", "CVE-2015-3144", "CVE-2018-2887", "CVE-2014-0114", "CVE-2018-3179", "CVE-2018-3262", "CVE-2018-3237", "CVE-2018-0739", "CVE-2018-3222", "CVE-2018-3155", "CVE-2015-0252", "CVE-2018-3253", "CVE-2018-3126", "CVE-2018-8034", "CVE-2018-3127", "CVE-2018-3221", "CVE-2018-3059", "CVE-2015-3237", "CVE-2018-3279", "CVE-2018-3151", "CVE-2018-2909", "CVE-2018-3245", "CVE-2018-3252", "CVE-2018-3284", "CVE-2018-8013", "CVE-2018-3235", "CVE-2016-8622", "CVE-2018-3275", "CVE-2015-7990", "CVE-2018-3162", "CVE-2018-3197", "CVE-2018-1272", "CVE-2018-3278", "CVE-2018-3186", "CVE-2017-7525", "CVE-2018-3159", "CVE-2018-3171", "CVE-2018-3296", "CVE-2018-3194", "CVE-2018-3217", "CVE-2018-3273", "CVE-2018-3178", "CVE-2018-3147", "CVE-2018-3288", "CVE-2018-1270", "CVE-2014-7817", "CVE-2018-3191", "CVE-2018-18224", "CVE-2012-1007", "CVE-2018-3143", "CVE-2016-8624", "CVE-2018-0733", "CVE-2016-1181", "CVE-2018-3281", "CVE-2018-2971", "CVE-2016-3739", "CVE-2018-3146", "CVE-2016-9843", "CVE-2018-3277", "CVE-2018-3208", "CVE-2017-14735", "CVE-2015-3145", "CVE-2017-3738", "CVE-2018-3172", "CVE-2018-3164", "CVE-2018-3176", "CVE-2018-3169", "CVE-2018-3160", "CVE-2018-3149", "CVE-2014-3490", "CVE-2018-3185", "CVE-2018-3232", "CVE-2018-3264", "CVE-2018-8037", "CVE-2018-3258", "CVE-2017-5645", "CVE-2016-5421", "CVE-2016-9586", "CVE-2018-3272", "CVE-2018-3142", "CVE-2018-3295", "CVE-2018-2914", "CVE-2018-3192", "CVE-2018-3153", "CVE-2018-3283", "CVE-2017-5529", "CVE-2018-3269", "CVE-2016-9841", "CVE-2018-3196", "CVE-2016-4000", "CVE-2018-3289", "CVE-2018-3229", "CVE-2017-3736", "CVE-2018-3286", "CVE-2018-3177", "CVE-2018-3243", "CVE-2018-3242", "CVE-2018-3148", "CVE-2018-3181", "CVE-2018-18223", "CVE-2018-0737", "CVE-2018-3268", "CVE-2018-3200", "CVE-2016-5419", "CVE-2018-3195", "CVE-2017-15095", "CVE-2016-7167", "CVE-2018-11040", "CVE-2018-3198", "CVE-2018-3166", "CVE-2016-6814", "CVE-2018-3202", "CVE-2016-1000031", "CVE-2018-3158", "CVE-2018-1000301", "CVE-2018-3238", "CVE-2018-3134", "CVE-2018-12023", "CVE-2018-3224", "CVE-2018-3165", "CVE-2016-8621", "CVE-2018-3135", "CVE-2018-3168", "CVE-2015-6937", "CVE-2018-2922", "CVE-2018-3140", "CVE-2018-2913", "CVE-2018-3207"], "modified": "2018-10-16T00:00:00", "id": "ORACLE:CPUOCT2018-4428296", "href": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}