ubuntucve | Ubuntu.com | UB:CVE-2013-1664
History: Feb 19, 2013 - 12:00 a.m.

CVE-2013-1664

2013-02-19 00:00:00
ubuntu.com

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.09 Low
Percentile: 94.6%

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in
OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and
Folsom; Cinder Folsom; Django; and possibly other products allow remote
attackers to cause a denial of service (resource consumption and crash) via
an XML Entity Expansion (XEE) attack.

Notes

Author: jdstrand
Note: Keystone on 11.10 is a pre-release version and unusable with other components such as nova and horizon; quantum will be fixed in grizzly rc1, due out the 2nd week of March

| OS | OS Version | Architecture | Package | Package Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 12.10 | noarch | cinder | < 2012.2.1-0ubuntu1.1 | UNKNOWN |
| ubuntu | 12.04 | noarch | keystone | < 2012.1+stable~20120824-a16a0ab9-0ubuntu2.5 | UNKNOWN |
| ubuntu | 12.10 | noarch | keystone | < 2012.2.1-0ubuntu1.2 | UNKNOWN |
| ubuntu | 11.10 | noarch | nova | < 2011.3-0ubuntu6.12 | UNKNOWN |
| ubuntu | 12.04 | noarch | nova | < 2012.1.3+stable-20120827-4d2a4afe-0ubuntu1.2 | UNKNOWN |
| ubuntu | 12.10 | noarch | nova | < 2012.2.1+stable-20121212-a99a802e-0ubuntu1.2 | UNKNOWN |
| ubuntu | 10.04 | noarch | python-django | < 1.1.1-2ubuntu1.8 | UNKNOWN |
| ubuntu | 11.10 | noarch | python-django | < 1.3-2ubuntu1.6 | UNKNOWN |
| ubuntu | 12.04 | noarch | python-django | < 1.3.1-4ubuntu1.6 | UNKNOWN |
| ubuntu | 12.10 | noarch | python-django | < 1.4.1-2ubuntu0.3 | UNKNOWN |
