Metric | Value |
---|---|
CVSS2 Score | 4.3 Medium |
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |
CVSS2 Vector | AV:N/AC:M/Au:N/C:N/I:N/A:P |
EPSS | 0.024 Low |
EPSS Percentile | 89.7% |

The xmlParserHandlePEReference function in parser.c in libxml2 before
2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion
Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads
external parameter entities regardless of whether entity substitution or
validation is enabled, which allows remote attackers to cause a denial of
service (resource consumption) via a crafted XML document.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | libxml2 | < 2.7.6.dfsg-1ubuntu1.11 | UNKNOWN |
ubuntu | 12.04 | noarch | libxml2 | < 2.7.8.dfsg-5.1ubuntu4.7 | UNKNOWN |
ubuntu | 12.10 | noarch | libxml2 | < 2.8.0+dfsg1-5ubuntu2.5 | UNKNOWN |
ubuntu | 13.10 | noarch | libxml2 | < 2.9.1+dfsg1-3ubuntu2.1 | UNKNOWN |
ubuntu | 14.04 | noarch | libxml2 | < 2.9.1+dfsg1-3ubuntu4.1 | UNKNOWN |