Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2012-3489

Опубликовано: 03 окт. 2012
Источник: nvd
CVSS3: 6.5
CVSS2: 4
EPSS Низкий

Описание

The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
Версия от 8.3.0 (включая) до 8.3.20 (исключая)
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
Версия от 8.4.0 (включая) до 8.4.13 (исключая)
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
Версия от 9.0.0 (включая) до 9.0.9 (исключая)
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
Версия от 9.1.0 (включая) до 9.1.5 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*
Версия от 10.7.0 (включая) до 10.7.5 (включая)
cpe:2.3:o:apple:mac_os_x_server:10.6.8:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
Конфигурация 5
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
Конфигурация 6

Одно из

cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

EPSS

Процентиль: 77%
0.01042
Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-611

Связанные уязвимости

ubuntu логотип

CVE-2012-3489

CVSS3: 6.5
ubuntu
около 13 лет назад

The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue.

redhat логотип

CVE-2012-3489

redhat
около 13 лет назад

The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue.

debian логотип

CVE-2012-3489

CVSS3: 6.5
debian
около 13 лет назад

The xml_parse function in the libxml2 support in the core server compo ...

github логотип

GHSA-fpq4-mcf9-c5w9

CVSS3: 6.5
github
больше 3 лет назад

The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue.

oracle-oval логотип

ELSA-2012-1263

oracle-oval
около 13 лет назад

ELSA-2012-1263: postgresql and postgresql84 security update (MODERATE)

EPSS

Процентиль: 77%
0.01042
Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-611