Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2012-3489

Опубликовано: 17 авг. 2012
Источник: redhat
CVSS2: 2.7
EPSS Низкий

Описание

The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5postgresqlNot affected
Red Hat Enterprise Linux 5postgresql84FixedRHSA-2012:126313.09.2012
Red Hat Enterprise Linux 6postgresqlFixedRHSA-2012:126313.09.2012

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=849173postgresql: File disclosure through XXE in xmlparse by DTD validation

EPSS

Процентиль: 76%
0.01036
Низкий

2.7 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2012-3489

CVSS3: 6.5
ubuntu
почти 13 лет назад

The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue.

nvd логотип

CVE-2012-3489

CVSS3: 6.5
nvd
почти 13 лет назад

The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue.

debian логотип

CVE-2012-3489

CVSS3: 6.5
debian
почти 13 лет назад

The xml_parse function in the libxml2 support in the core server compo ...

github логотип

GHSA-fpq4-mcf9-c5w9

CVSS3: 6.5
github
около 3 лет назад

The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue.

oracle-oval логотип

ELSA-2012-1263

oracle-oval
почти 13 лет назад

ELSA-2012-1263: postgresql and postgresql84 security update (MODERATE)

EPSS

Процентиль: 76%
0.01036
Низкий

2.7 Low

CVSS2