CVE-2013-0339

Exploit

EPSS 2.39%
Veröffentlicht 21.01.2014 18:55:09
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue.  NOTE: it could be argued that because libxml2 already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed and each affected application would need its own CVE.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 18

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Xmlsoft ≫ Libxml2 Version <= 2.9.1

Xmlsoft ≫ Libxml2 Version1.7.0

Xmlsoft ≫ Libxml2 Version1.7.1

Xmlsoft ≫ Libxml2 Version1.7.2

Xmlsoft ≫ Libxml2 Version1.7.3

Xmlsoft ≫ Libxml2 Version1.7.4

Xmlsoft ≫ Libxml2 Version1.8.0

Xmlsoft ≫ Libxml2 Version1.8.1

Xmlsoft ≫ Libxml2 Version1.8.2

Xmlsoft ≫ Libxml2 Version1.8.3

Xmlsoft ≫ Libxml2 Version1.8.4

Xmlsoft ≫ Libxml2 Version1.8.5

Xmlsoft ≫ Libxml2 Version1.8.6

Xmlsoft ≫ Libxml2 Version1.8.7

Xmlsoft ≫ Libxml2 Version1.8.9

Xmlsoft ≫ Libxml2 Version1.8.10

Xmlsoft ≫ Libxml2 Version1.8.13

Xmlsoft ≫ Libxml2 Version1.8.14

Xmlsoft ≫ Libxml2 Version1.8.16

Xmlsoft ≫ Libxml2 Version2.0.0

Xmlsoft ≫ Libxml2 Version2.1.0

Xmlsoft ≫ Libxml2 Version2.1.1

Xmlsoft ≫ Libxml2 Version2.2.0

Xmlsoft ≫ Libxml2 Version2.2.0 Updatebeta

Xmlsoft ≫ Libxml2 Version2.2.1

Xmlsoft ≫ Libxml2 Version2.2.2

Xmlsoft ≫ Libxml2 Version2.2.3

Xmlsoft ≫ Libxml2 Version2.2.4

Xmlsoft ≫ Libxml2 Version2.2.5

Xmlsoft ≫ Libxml2 Version2.2.6

Xmlsoft ≫ Libxml2 Version2.2.7

Xmlsoft ≫ Libxml2 Version2.2.8

Xmlsoft ≫ Libxml2 Version2.2.9

Xmlsoft ≫ Libxml2 Version2.2.10

Xmlsoft ≫ Libxml2 Version2.2.11

Xmlsoft ≫ Libxml2 Version2.3.0

Xmlsoft ≫ Libxml2 Version2.3.1

Xmlsoft ≫ Libxml2 Version2.3.2

Xmlsoft ≫ Libxml2 Version2.3.3

Xmlsoft ≫ Libxml2 Version2.3.4

Xmlsoft ≫ Libxml2 Version2.3.5

Xmlsoft ≫ Libxml2 Version2.3.6

Xmlsoft ≫ Libxml2 Version2.3.7

Xmlsoft ≫ Libxml2 Version2.3.8

Xmlsoft ≫ Libxml2 Version2.3.9

Xmlsoft ≫ Libxml2 Version2.3.10

Xmlsoft ≫ Libxml2 Version2.3.11

Xmlsoft ≫ Libxml2 Version2.3.12

Xmlsoft ≫ Libxml2 Version2.3.13

Xmlsoft ≫ Libxml2 Version2.3.14

Xmlsoft ≫ Libxml2 Version2.4.1

Xmlsoft ≫ Libxml2 Version2.4.2

Xmlsoft ≫ Libxml2 Version2.4.3

Xmlsoft ≫ Libxml2 Version2.4.4

Xmlsoft ≫ Libxml2 Version2.4.5

Xmlsoft ≫ Libxml2 Version2.4.6

Xmlsoft ≫ Libxml2 Version2.4.7

Xmlsoft ≫ Libxml2 Version2.4.8

Xmlsoft ≫ Libxml2 Version2.4.9

Xmlsoft ≫ Libxml2 Version2.4.10

Xmlsoft ≫ Libxml2 Version2.4.11

Xmlsoft ≫ Libxml2 Version2.4.12

Xmlsoft ≫ Libxml2 Version2.4.13

Xmlsoft ≫ Libxml2 Version2.4.14

Xmlsoft ≫ Libxml2 Version2.4.15

Xmlsoft ≫ Libxml2 Version2.4.16

Xmlsoft ≫ Libxml2 Version2.4.17

Xmlsoft ≫ Libxml2 Version2.4.18

Xmlsoft ≫ Libxml2 Version2.4.19

Xmlsoft ≫ Libxml2 Version2.4.20

Xmlsoft ≫ Libxml2 Version2.4.21

Xmlsoft ≫ Libxml2 Version2.4.22

Xmlsoft ≫ Libxml2 Version2.4.23

Xmlsoft ≫ Libxml2 Version2.4.24

Xmlsoft ≫ Libxml2 Version2.4.25

Xmlsoft ≫ Libxml2 Version2.4.26

Xmlsoft ≫ Libxml2 Version2.4.27

Xmlsoft ≫ Libxml2 Version2.4.28

Xmlsoft ≫ Libxml2 Version2.4.29

Xmlsoft ≫ Libxml2 Version2.4.30

Xmlsoft ≫ Libxml2 Version2.5.0

Xmlsoft ≫ Libxml2 Version2.5.4

Xmlsoft ≫ Libxml2 Version2.5.7

Xmlsoft ≫ Libxml2 Version2.5.8

Xmlsoft ≫ Libxml2 Version2.5.10

Xmlsoft ≫ Libxml2 Version2.5.11

Xmlsoft ≫ Libxml2 Version2.6.0

Xmlsoft ≫ Libxml2 Version2.6.1

Xmlsoft ≫ Libxml2 Version2.6.2

Xmlsoft ≫ Libxml2 Version2.6.3

Xmlsoft ≫ Libxml2 Version2.6.4

Xmlsoft ≫ Libxml2 Version2.6.5

Xmlsoft ≫ Libxml2 Version2.6.6

Xmlsoft ≫ Libxml2 Version2.6.7

Xmlsoft ≫ Libxml2 Version2.6.8

Xmlsoft ≫ Libxml2 Version2.6.9

Xmlsoft ≫ Libxml2 Version2.6.11

Xmlsoft ≫ Libxml2 Version2.6.12

Xmlsoft ≫ Libxml2 Version2.6.13

Xmlsoft ≫ Libxml2 Version2.6.14

Xmlsoft ≫ Libxml2 Version2.6.16

Xmlsoft ≫ Libxml2 Version2.6.17

Xmlsoft ≫ Libxml2 Version2.6.18

Xmlsoft ≫ Libxml2 Version2.6.20

Xmlsoft ≫ Libxml2 Version2.6.21

Xmlsoft ≫ Libxml2 Version2.6.22

Xmlsoft ≫ Libxml2 Version2.6.23

Xmlsoft ≫ Libxml2 Version2.6.24

Xmlsoft ≫ Libxml2 Version2.6.25

Xmlsoft ≫ Libxml2 Version2.6.26

Xmlsoft ≫ Libxml2 Version2.6.27

Xmlsoft ≫ Libxml2 Version2.6.28

Xmlsoft ≫ Libxml2 Version2.6.29

Xmlsoft ≫ Libxml2 Version2.6.30

Xmlsoft ≫ Libxml2 Version2.6.31

Xmlsoft ≫ Libxml2 Version2.6.32

Xmlsoft ≫ Libxml2 Version2.7.0

Xmlsoft ≫ Libxml2 Version2.7.1

Xmlsoft ≫ Libxml2 Version2.7.2

Xmlsoft ≫ Libxml2 Version2.7.3

Xmlsoft ≫ Libxml2 Version2.7.4

Xmlsoft ≫ Libxml2 Version2.7.5

Xmlsoft ≫ Libxml2 Version2.7.6

Xmlsoft ≫ Libxml2 Version2.7.7

Xmlsoft ≫ Libxml2 Version2.7.8

Xmlsoft ≫ Libxml2 Version2.8.0

Xmlsoft ≫ Libxml2 Version2.9.0

Xmlsoft ≫ Libxml2 Version2.9.0 Updaterc1

Canonical ≫ Ubuntu Linux Version10.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version12.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version12.10

Canonical ≫ Ubuntu Linux Version13.04

Debian ≫ Debian Linux Version6.0

Debian ≫ Debian Linux Version7.0

Suse ≫ Linux Enterprise Server Version10 Updatesp4 SwEditionltss

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.39%	0.844

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html

http://secunia.com/advisories/55568

Vendor Advisory

http://secunia.com/advisories/52662

Vendor Advisory

http://www.debian.org/security/2013/dsa-2652

http://secunia.com/advisories/54172

http://www.ubuntu.com/usn/USN-1904-1

http://www.ubuntu.com/usn/USN-1904-2

http://openwall.com/lists/oss-security/2013/02/21/24

http://openwall.com/lists/oss-security/2013/02/22/3

http://seclists.org/oss-sec/2013/q4/182

http://seclists.org/oss-sec/2013/q4/184

http://seclists.org/oss-sec/2013/q4/188

http://www.openwall.com/lists/oss-security/2013/04/12/6

https://bugzilla.redhat.com/show_bug.cgi?id=915149

https://git.gnome.org/browse/libxml2/commit/?id=4629ee02ac649c27f9c0cf98ba017c6b5526070f

Patch

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2013-0339

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-0339

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-0339

EUVD