4.3

CVE-2014-0191

EPSS 1.31%
Veröffentlicht 21.01.2015 14:59:00
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 17

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Oracle ≫ Fusion Middleware Version11.1.1.7.0

Oracle ≫ Fusion Middleware Version12.1.2.0.0

Oracle ≫ Fusion Middleware Version12.1.3.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.31%	0.791

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

Patch

Vendor Advisory

http://xmlsoft.org/news.html

http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

https://support.apple.com/kb/HT205031

http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html

http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html

https://support.apple.com/kb/HT205030

http://rhn.redhat.com/errata/RHSA-2015-0749.html

http://www-01.ibm.com/support/docview.wss?uid=swg21678183

http://www.securityfocus.com/bid/67233

https://bugzilla.redhat.com/show_bug.cgi?id=1090976

https://exchange.xforce.ibmcloud.com/vulnerabilities/93092

https://git.gnome.org/browse/libxml2/commit/?id=9cd1c3cfbd32655d60572c0a413e017260c854df

https://nvd.nist.gov/vuln/detail/CVE-2014-0191

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-0191

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-0191

EUVD