CVE-2016-9318

Sažetak

libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.

Reference

https://bugzilla.gnome.org/show_bug.cgi?id=772726
https://github.com/lsh123/xmlsec/issues/43
http://www.securityfocus.com/bid/94347
https://security.gentoo.org/glsa/201711-01
https://usn.ubuntu.com/3739-2/
https://usn.ubuntu.com/3739-1/
https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

08-04-2022 - 23:15

Objavljeno

16-11-2016 - 00:59