Lucene search

Veracode Vulnerability DatabaseVERACODE:11038

HistoryJan 15, 2019 - 8:56 a.m.

XML External Entity (XXE)

2019-01-1508:56:03

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

JSON

librsvg2 is vulnerable to XML External Entity (XXE) attacks. The vulnerability exists as GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CPENameOperatorVersion
librsvg2eq2.26.0__5.el6_1.1
librsvg2eq2.26.0__5.el6

CPE	Name	Operator	Version
	librsvg2	eq	2.26.0__5.el6_1.1
	librsvg2	eq	2.26.0__5.el6

References

en.securitylab.ru/lab/PT-2013-01

ftp.gnome.org/pub/GNOME/sources/librsvg/2.39/librsvg-2.39.0.changes

lists.opensuse.org/opensuse-security-announce/2015-10/msg00020.html

lists.opensuse.org/opensuse-updates/2013-11/msg00114.html

rhn.redhat.com/errata/RHSA-2014-0127.html

secunia.com/advisories/55088

www.ubuntu.com/usn/USN-2149-1

www.ubuntu.com/usn/USN-2149-2

access.redhat.com/security/updates/classification/#moderate

bugzilla.gnome.org/show_bug.cgi?id=691708

rhn.redhat.com/errata/RHSA-2014-0127.html

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

JSON

Related for VERACODE:11038