exploitDog

CVE-2017-1000061

Published: 30 Mar 2017
Source: redhat
CVSS3: 6.5

Description

xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service.

It was discovered xmlsec1's use of libxml2 inadvertently enabled external entity expansion (XXE) along with validation. An attacker could craft an XML file that would cause xmlsec1 to try and read local files or HTTP/FTP URLs, leading to information disclosure or denial of service.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | xmlsec1 | Will not fix | | |
| Red Hat Enterprise Linux 6 | xmlsec1 | Will not fix | | |
| Red Hat Enterprise Linux 7 | xmlsec1 | Fixed | RHSA-2017:2492 | 21.08.2017 |


Additional information

Status: Moderate
Defect: CWE-611
https://bugzilla.redhat.com/show_bug.cgi?id=1437311 (xmlsec1: xmlsec vulnerable to external entity expansion)

6.5 Medium

CVSS3

Related vulnerabilities

CVSS3: 7.1
ubuntu
more than 8 years ago

xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service

CVSS3: 7.1
nvd
more than 8 years ago

xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service

CVSS3: 7.1
debian
more than 8 years ago

xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansio ...

CVSS3: 7.1
github
more than 3 years ago

xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service

oracle-oval
about 8 years ago

ELSA-2017-2492: xmlsec1 security update (MODERATE)
