Lucene search

K
ubuntucveUbuntu.comUB:CVE-2012-6702
HistoryDec 31, 2012 - 12:00 a.m.

CVE-2012-6702

2012-12-3100:00:00
ubuntu.com
ubuntu.com
19

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.004

Percentile

74.2%

Expat, when used in a parser that has not called XML_SetHashSalt or passed
it a seed of 0, makes it easier for context-dependent attackers to defeat
cryptographic protection mechanisms via vectors involving use of the srand
function.

Bugs

Notes

Author Note
sbeattie tla uses system expat as of 1.3.5+dfsg-15
rodrigo-zaiden related to CVE-2012-0876, where the fix added XML_SetHashSalt and generate_hash_secret_salt methods. libxmltok does not have those methods, hence not affected.
ccdm94 cmake 3.20.5 and forward uses expat 2.2.10+.

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.004

Percentile

74.2%