Lucene search

Veracode Vulnerability DatabaseVERACODE:7161

HistoryJul 25, 2018 - 9:08 a.m.

XML External Entity (XXE)

2018-07-2509:08:45

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON

libxml2.so is vulnerable to XML external entity (XXE) injection. The attack is possible because external entities expansions are not properly handled when the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader functions are not used.

CPENameOperatorVersion
libxml2.sole2.9.13
libxml2.sole2.9.13

CPE	Name	Operator	Version
	libxml2.so	le	2.9.13
	libxml2.so	le	2.9.13

References

lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html

openwall.com/lists/oss-security/2013/02/21/24

openwall.com/lists/oss-security/2013/02/22/3

seclists.org/oss-sec/2013/q4/182

seclists.org/oss-sec/2013/q4/184

seclists.org/oss-sec/2013/q4/188

secunia.com/advisories/52662

secunia.com/advisories/54172

secunia.com/advisories/55568

www.debian.org/security/2013/dsa-2652

www.openwall.com/lists/oss-security/2013/04/12/6

www.ubuntu.com/usn/USN-1904-1

www.ubuntu.com/usn/USN-1904-2

bugzilla.redhat.com/show_bug.cgi?id=915149

git.gnome.org/browse/libxml2/commit/?id=4629ee02ac649c27f9c0cf98ba017c6b5526070f

gitlab.gnome.org/GNOME/libxml2/commit/4629ee02ac649c27f9c0cf98ba017c6b5526070f

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON

Related for VERACODE:7161