Lucene search

K
ubuntucveUbuntu.comUB:CVE-2012-6702
HistoryDec 31, 2012 - 12:00 a.m.

CVE-2012-6702

2012-12-3100:00:00
ubuntu.com
ubuntu.com
10

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

60.0%

Expat, when used in a parser that has not called XML_SetHashSalt or passed
it a seed of 0, makes it easier for context-dependent attackers to defeat
cryptographic protection mechanisms via vectors involving use of the srand
function.

Bugs

Notes

Author Note
sbeattie tla uses system expat as of 1.3.5+dfsg-15
rodrigo-zaiden related to CVE-2012-0876, where the fix added XML_SetHashSalt and generate_hash_secret_salt methods. libxmltok does not have those methods, hence not affected.
ccdm94 cmake 3.20.5 and forward uses expat 2.2.10+.
Rows per page:
1-10 of 131

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

60.0%

Related for UB:CVE-2012-6702