Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2017-7375

Опубликовано: 19 фев. 2018
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 7.5
CVSS3: 9.8

Описание

A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).

РелизСтатусПримечание
devel

not-affected

2.9.4+dfsg1-3.1
esm-infra-legacy/trusty

released

2.9.1+dfsg1-3ubuntu4.10
esm-infra/xenial

released

2.9.3+dfsg1-1ubuntu0.3
precise/esm

not-affected

2.7.8.dfsg-5.1ubuntu4.18
trusty

released

2.9.1+dfsg1-3ubuntu4.10
trusty/esm

released

2.9.1+dfsg1-3ubuntu4.10
upstream

released

2.9.4+dfsg1-3.1, 2.9.5
vivid/ubuntu-core

DNE

xenial

released

2.9.3+dfsg1-1ubuntu0.3
yakkety

ignored

end of life

Показывать по

Ссылки на источники

EPSS

Процентиль: 49%
0.00255
Низкий

7.5 High

CVSS2

9.8 Critical

CVSS3

Связанные уязвимости

redhat логотип

CVE-2017-7375

CVSS3: 6.5
redhat
почти 9 лет назад

A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).

nvd логотип

CVE-2017-7375

CVSS3: 9.8
nvd
почти 8 лет назад

A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).

debian логотип

CVE-2017-7375

CVSS3: 9.8
debian
почти 8 лет назад

A flaw in libxml2 allows remote XML entity inclusion with default pars ...

github логотип

GHSA-ww2p-x466-vpwf

CVSS3: 9.8
github
больше 3 лет назад

A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).

fstec логотип

BDU:2019-00235

CVSS3: 9.8
fstec
почти 9 лет назад

Уязвимость компонента xmlParsePEReference библиотеки для работы с XML и HTML файлами libxml2, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

EPSS

Процентиль: 49%
0.00255
Низкий

7.5 High

CVSS2

9.8 Critical

CVSS3