Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2014-0191

Опубликовано: 21 янв. 2015
Источник: ubuntu
Приоритет: medium
CVSS2: 4.3

Описание

The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document.

РелизСтатусПримечание
devel

released

2.9.1+dfsg1-3ubuntu5
esm-infra-legacy/trusty

released

2.9.1+dfsg1-3ubuntu4.1
lucid

released

2.7.6.dfsg-1ubuntu1.11
precise

released

2.7.8.dfsg-5.1ubuntu4.7
quantal

released

2.8.0+dfsg1-5ubuntu2.5
saucy

released

2.9.1+dfsg1-3ubuntu2.1
trusty

released

2.9.1+dfsg1-3ubuntu4.1
trusty/esm

released

2.9.1+dfsg1-3ubuntu4.1
upstream

needs-triage

Показывать по

Ссылки на источники

4.3 Medium

CVSS2

Связанные уязвимости

redhat логотип

CVE-2014-0191

redhat
больше 11 лет назад

The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document.

nvd логотип

CVE-2014-0191

nvd
больше 10 лет назад

The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document.

debian логотип

CVE-2014-0191

debian
больше 10 лет назад

The xmlParserHandlePEReference function in parser.c in libxml2 before ...

suse-cvrf логотип

SUSE-RU-2016:2413-1

suse-cvrf
почти 9 лет назад

Recommended update for libxml2

github логотип

GHSA-hwp3-c628-9f7v

github
больше 3 лет назад

The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document.

4.3 Medium

CVSS2