Lucene search
Ubuntu.comUB:CVE-2009-2473HistoryAug 21, 2009 - 12:00 a.m.
CVE-2009-2473
2009-08-2100:00:00
ubuntu.com
ubuntu.com
7
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.003 Low
EPSS
Percentile
65.7%
neon before 0.28.6, when expat is used, does not properly detect recursion
during entity expansion, which allows context-dependent attackers to cause
a denial of service (memory and CPU consumption) via a crafted XML document
containing a large number of nested entity references, a similar issue to
CVE-2003-1564.
Notes
| Author | Note |
|---|---|
| jdstrand | neon, neon26 and neon27 are all build with libxml2 and not expat |
Related
veracode
veracode
Denial Of Service (DoS)
2019-01-15 08:53:01
cve
cve
prion
prion
Code injection
2009-08-21 17:30:00
Design/Logic Flaw
2014-02-26 14:55:00
Code injection
2014-09-23 20:55:00
debiancve
debiancve
openvas
openvas
Mandrake Security Advisory MDVSA-2009:221 (libneon0.27)
2009-09-02 00:00:00
Mandrake Security Advisory MDVSA-2009:221 (libneon0.27)
2009-09-02 00:00:00
RedHat Update for gnome-vfs2 RHSA-2013:0131-01
2013-01-11 00:00:00
securityvulns
securityvulns
[ MDVSA-2009:221 ] libneon0.27
2009-08-25 00:00:00
libneon certificate spoofing
2009-08-25 00:00:00
About the security content of Mac OS X v10.6.5 and Security Update 2010-007
2010-11-18 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : libneon0.27 (MDVSA-2009:221)
2009-08-25 00:00:00
RHEL 5 : gnome-vfs2 (RHSA-2013:0131)
2013-01-08 00:00:00
Oracle Linux 5 : gnome-vfs2 (ELSA-2013-0131)
2013-07-12 00:00:00
ubuntucve
ubuntucve
altlinux
altlinux
Security fix for the ALT Linux 5 package gnome-vfs version 1:2.24.3-alt2
2010-09-27 00:00:00
redhat
redhat
(RHSA-2013:0131) Low: gnome-vfs2 security and bug fix update
2013-01-08 00:00:00
(RHSA-2008:0886) Important: libxml2 security update
2008-09-11 00:00:00
(RHSA-2009:1452) Moderate: neon security update
2009-09-21 00:00:00
seebug
seebug
Neon XMLć楣解ććçťćĺĄćźć´
2009-08-26 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: neon-0.28.6-1.fc10
2009-08-20 20:59:38
[SECURITY] Fedora 11 Update: neon-0.28.6-1.fc11
2009-08-20 21:03:23
oraclelinux
oraclelinux
gnome-vfs2 security and bug fix update
2013-01-11 00:00:00
neon security update
2009-09-21 00:00:00
centos
centos
gnome security update
2013-01-09 19:45:49
libxml2 security update
2008-09-12 01:23:56
neon security update
2009-09-22 13:46:23
github
github
SnakeYAML Entity Expansion during load operation
2021-06-04 21:37:45
JBossWS vulnerable to uncontrolled recursion
2022-05-13 01:39:29
redhatcve
redhatcve
CVE-2017-18640
2020-04-08 21:02:33
osv
osv
SnakeYAML Entity Expansion during load operation
2021-06-04 21:37:45
CVE-2017-18640
2019-12-12 03:15:10
JBossWS vulnerable to uncontrolled recursion
2022-05-13 01:39:29
freebsd
freebsd
ejabberd -- remote denial of service vulnerability
2011-04-27 00:00:00
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.003 Low
EPSS
Percentile
65.7%
Related for UB:CVE-2009-2473