CVE-2012-6685

Опубликовано: 19 фев. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Nokogiri before 1.5.4 is vulnerable to XXE attacks

Ссылки

https://bugzilla.redhat.com/show_bug.cgi?id=1178970
Issue Tracking
Third Party Advisory
https://github.com/sparklemotion/nokogiri/issues/693
Exploit
Issue Tracking
Third Party Advisory
https://nokogiri.org/CHANGELOG.html#154-2012-06-12
Release Notes
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1178970
Issue Tracking
Third Party Advisory
https://github.com/sparklemotion/nokogiri/issues/693
Exploit
Issue Tracking
Third Party Advisory
https://nokogiri.org/CHANGELOG.html#154-2012-06-12
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:*:*:*

Версия до 1.5.4 (исключая)

Конфигурация 2

Одно из

cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openshift:2.0:*:*:*:enterprise:*:*:*

cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack_foreman:-:*:*:*:*:*:*:*

cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:subscription_asset_manager:-:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 55%

0.00323

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-776

Связанные уязвимости

CVE-2012-6685

CVSS3: 7.5

ubuntu

почти 6 лет назад

Nokogiri before 1.5.4 is vulnerable to XXE attacks

CVE-2012-6685

redhat

больше 13 лет назад

Nokogiri before 1.5.4 is vulnerable to XXE attacks

CVE-2012-6685

CVSS3: 7.5

debian

почти 6 лет назад

Nokogiri before 1.5.4 is vulnerable to XXE attacks

GHSA-6wj9-77wq-jq7p

CVSS3: 7.5

github

почти 4 года назад

Nokogiri is vulnerable to XML External Entity (XXE) attack

EPSS

Процентиль: 55%

0.00323

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-776