Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2022-8799

Опубликовано: 06 дек. 2022
Источник: oracle-oval
Платформа: Oracle Linux 7

Описание

ELSA-2022-8799: pki-core security update (IMPORTANT)

[10.5.18-24]

  • ##########################################################################

  • RHEL 7.9 (Batch Update 19):

  • ##########################################################################
  • Bugzilla Bug #2107329 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE [rhel-7.9.z] (ckelley, mharmsen)
  • ##########################################################################

  • RHCS 9.7 (Batch Update 19):

  • ##########################################################################
  • Bugzilla Bug #2107325 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE [certificate_system_9.7.z] (ckelley, mharmsen)

Обновленные пакеты

Oracle Linux 7

Oracle Linux aarch64

pki-base

10.5.18-24.el7_9

pki-base-java

10.5.18-24.el7_9

pki-ca

10.5.18-24.el7_9

pki-javadoc

10.5.18-24.el7_9

pki-kra

10.5.18-24.el7_9

pki-server

10.5.18-24.el7_9

pki-symkey

10.5.18-24.el7_9

pki-tools

10.5.18-24.el7_9

Oracle Linux x86_64

pki-base

10.5.18-24.el7_9

pki-base-java

10.5.18-24.el7_9

pki-ca

10.5.18-24.el7_9

pki-javadoc

10.5.18-24.el7_9

pki-kra

10.5.18-24.el7_9

pki-server

10.5.18-24.el7_9

pki-symkey

10.5.18-24.el7_9

pki-tools

10.5.18-24.el7_9

Связанные CVE

CVE-2022-2414

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2022-2414

CVSS3: 7.5
ubuntu
почти 3 года назад

Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.

redhat логотип

CVE-2022-2414

CVSS3: 7.5
redhat
около 3 лет назад

Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.

nvd логотип

CVE-2022-2414

CVSS3: 7.5
nvd
почти 3 года назад

Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.

debian логотип

CVE-2022-2414

CVSS3: 7.5
debian
почти 3 года назад

Access to external entities when parsing XML documents can lead to XML ...

redos логотип

ROS-20230418-04

CVSS3: 7.5
redos
около 2 лет назад

Уязвимость pki-core