6.5

CVE-2012-3489

The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PostgresqlPostgresql Version >= 8.3.0 < 8.3.20
PostgresqlPostgresql Version >= 8.4.0 < 8.4.13
PostgresqlPostgresql Version >= 9.0.0 < 9.0.9
PostgresqlPostgresql Version >= 9.1.0 < 9.1.5
OpensuseOpensuse Version11.4
OpensuseOpensuse Version12.1
OpensuseOpensuse Version12.2
ApplemacOS X Server Version >= 10.7.0 <= 10.7.5
ApplemacOS X Server Version10.6.8
CanonicalUbuntu Linux Version8.04 SwEdition-
CanonicalUbuntu Linux Version10.04 SwEdition-
CanonicalUbuntu Linux Version11.04
CanonicalUbuntu Linux Version11.10
CanonicalUbuntu Linux Version12.04 SwEdition-
DebianDebian Linux Version6.0
RedhatEnterprise Linux Eus Version6.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.06% 0.859
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:P/I:N/A:N
CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
Mailing List
http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html
Mailing List
http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html
Mailing List
http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html
Mailing List
http://secunia.com/advisories/50718
Broken Link
http://www.postgresql.org/support/security/
Vendor Advisory
Release Notes
http://secunia.com/advisories/50859
Broken Link
http://rhn.redhat.com/errata/RHSA-2012-1263.html
Third Party Advisory
http://secunia.com/advisories/50635
Broken Link
http://secunia.com/advisories/50946
Broken Link
http://www.debian.org/security/2012/dsa-2534
Mailing List
http://www.mandriva.com/security/advisories?name=MDVSA-2012:139
Broken Link
http://www.postgresql.org/about/news/1407/
Vendor Advisory
http://www.postgresql.org/docs/8.3/static/release-8-3-20.html
Release Notes
http://www.postgresql.org/docs/8.4/static/release-8-4-13.html
Release Notes
http://www.postgresql.org/docs/9.0/static/release-9-0-9.html
Release Notes
http://www.postgresql.org/docs/9.1/static/release-9-1-5.html
Release Notes
http://www.ubuntu.com/usn/USN-1542-1
Third Party Advisory
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_postgresql2
Third Party Advisory
http://www.securityfocus.com/bid/55074
Third Party Advisory
Broken Link
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=849173
Patch
Release Notes
Issue Tracking