6.5

CVE-2013-6460

Exploit
Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NokogiriNokogiri Version >= 1.5.0 < 1.5.11
NokogiriNokogiri Version >= 1.6.0 < 1.6.1
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
RedhatOpenstack Version3.0
RedhatOpenstack Version4.0
RedhatSatellite Version6.0
RedhatEnterprise Mrg Version2.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.08% 0.791
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.

http://www.openwall.com/lists/oss-security/2013/12/27/2
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/64513
Third Party Advisory
VDB Entry
https://access.redhat.com/security/cve/cve-2013-6460
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6460
Patch
Third Party Advisory
Exploit
Issue Tracking
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-6460
Third Party Advisory
Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/90058
Third Party Advisory
VDB Entry
https://security-tracker.debian.org/tracker/CVE-2013-6460
Third Party Advisory