Описание
The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.
Отчет
This issue affects the versions of perl-XML-LibXML as shipped with Red Hat Enterprise Linux 5, 6 and 7. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Меры по смягчению последствий
This issue only affects programs using this program in forms such as: $parser = XML::LibXML->new or $XML_DOC = $parser->load_xml if you use the form: $XML_DOC = XML::LibXML->load_xml this vulnerability will not be exposed.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | perl-XML-LibXML | Will not fix | ||
| Red Hat Enterprise Linux 6 | perl-XML-LibXML | Will not fix | ||
| Red Hat Enterprise Linux 7 | perl-XML-LibXML | Will not fix |
Показывать по
Дополнительная информация
Статус:
2.6 Low
CVSS2
Связанные уязвимости
The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.
The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.
The _clone function in XML::LibXML before 2.0119 does not properly set ...
The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.
2.6 Low
CVSS2