From caefa9ea4447a4a7bf7c86009e495042f7790238 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 10 Sep 2019 15:00:51 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2019/12xxx/CVE-2019-12400.json | 5 +++
 2019/12xxx/CVE-2019-12401.json | 56 ++++++++++++++++++++++++++++++++--
 2019/13xxx/CVE-2019-13139.json | 5 +++
 2019/5xxx/CVE-2019-5608.json | 5 +++
 2019/5xxx/CVE-2019-5609.json | 5 +++
 2019/5xxx/CVE-2019-5610.json | 5 +++
 2019/5xxx/CVE-2019-5611.json | 5 +++
 2019/5xxx/CVE-2019-5612.json | 5 +++
 8 files changed, 88 insertions(+), 3 deletions(-)
diff --git a/2019/12xxx/CVE-2019-12400.json b/2019/12xxx/CVE-2019-12400.json
index fec3705e842..269071d82eb 100644
--- a/2019/12xxx/CVE-2019-12400.json
+++ b/2019/12xxx/CVE-2019-12400.json
@@ -61,6 +61,11 @@
 "refsource": "MLIST",
 "name": "[santuario-dev] 20190906 Re: [CVE-2019-12400] Apache Santuario potentially loads XML parsing code from an untrusted source",
 "url": "https://lists.apache.org/thread.html/edaa7edb9c58e5f5bd0c950f2b6232b62b15f5c44ad803e8728308ce@%3Cdev.santuario.apache.org%3E"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20190910-0003/",
+ "url": "https://security.netapp.com/advisory/ntap-20190910-0003/"
 }
 ]
 },
diff --git a/2019/12xxx/CVE-2019-12401.json b/2019/12xxx/CVE-2019-12401.json
index 9c5bf72faf4..baa32d187ca 100644
--- a/2019/12xxx/CVE-2019-12401.json
+++ b/2019/12xxx/CVE-2019-12401.json
@@ -4,14 +4,64 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-12401",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Solr",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.3.0 to 1.4.1"
+ },
+ {
+ "version_value": "3.1.0 to 3.6.2"
+ },
+ {
+ "version_value": "4.0.0 to 4.10.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "XML Entity Expansion"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MLIST",
+ "name": "[www-announce] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0",
+ "url": "http://mail-archives.us.apache.org/mod_mbox/www-announce/201909.mbox/%3CCAECwjAXU4%3DkAo5DeUJw7Kvk67sgCmajAN7LGZQNjbjZ8gv%3DBdw%40mail.gmail.com%3E"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via it\u2019s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML causing OOMs."
 }
 ]
 }
diff --git a/2019/13xxx/CVE-2019-13139.json b/2019/13xxx/CVE-2019-13139.json
index 8b494a9e52d..2c0b8a7374f 100644
--- a/2019/13xxx/CVE-2019-13139.json
+++ b/2019/13xxx/CVE-2019-13139.json
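Review bot: The new `description` value for CVE-2019-12401 carries two text defects that every downstream feed will inherit: `it\u2019s update handler.?By` uses a contraction where the possessive is meant and has a stray `?` where a space was presumably lost in encoding, so the fragment should read `via its update handler. By leveraging`. The three `version_value` entries encode ranges as free text (for example `"1.3.0 to 1.4.1"`), which version-comparing scanners cannot evaluate, so affected Solr installs may go unmatched; consider giving each bound its own entry with a `version_affected` qualifier. The `problemtype` value `"XML Entity Expansion"` is also free text, and adding the CWE identifier (CWE-776 appears to fit) would let triage tooling classify the record. The MLIST reference is an `http://` URL; an HTTPS link to the same archive message, if one exists, would be preferable.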
@@ -71,6 +71,11 @@
 "refsource": "DEBIAN",
 "name": "DSA-4521",
 "url": "https://www.debian.org/security/2019/dsa-4521"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20190910-0001/",
+ "url": "https://security.netapp.com/advisory/ntap-20190910-0001/"
 }
 ]
 }
diff --git a/2019/5xxx/CVE-2019-5608.json b/2019/5xxx/CVE-2019-5608.json
index 5790a413f10..b8706454672 100644
--- a/2019/5xxx/CVE-2019-5608.json
+++ b/2019/5xxx/CVE-2019-5608.json
@@ -54,6 +54,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:19.mldv2.asc",
 "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:19.mldv2.asc"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20190910-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20190910-0002/"
 }
 ]
 },
diff --git a/2019/5xxx/CVE-2019-5609.json b/2019/5xxx/CVE-2019-5609.json
index 392f8cb3a26..2a60893e36b 100644
--- a/2019/5xxx/CVE-2019-5609.json
+++ b/2019/5xxx/CVE-2019-5609.json
@@ -54,6 +54,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:21.bhyve.asc",
 "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:21.bhyve.asc"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20190910-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20190910-0002/"
 }
 ]
 },
diff --git a/2019/5xxx/CVE-2019-5610.json b/2019/5xxx/CVE-2019-5610.json
index fef0917c097..8f7362d91ff 100644
--- a/2019/5xxx/CVE-2019-5610.json
+++ b/2019/5xxx/CVE-2019-5610.json
@@ -69,6 +69,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:20.bsnmp.asc",
 "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:20.bsnmp.asc"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20190910-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20190910-0002/"
 }
 ]
 },
diff --git a/2019/5xxx/CVE-2019-5611.json b/2019/5xxx/CVE-2019-5611.json
index 438236f4f93..29ea2d208f1 100644
--- a/2019/5xxx/CVE-2019-5611.json
+++ b/2019/5xxx/CVE-2019-5611.json
@@ -69,6 +69,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:22.mbuf.asc",
 "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:22.mbuf.asc"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20190910-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20190910-0002/"
 }
 ]
 },
diff --git a/2019/5xxx/CVE-2019-5612.json b/2019/5xxx/CVE-2019-5612.json
index 83db1f83d52..fbd29892408 100644
--- a/2019/5xxx/CVE-2019-5612.json
+++ b/2019/5xxx/CVE-2019-5612.json
@@ -54,6 +54,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:23.midi.asc",
 "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:23.midi.asc"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20190910-0002/",
+ "url": "https://security.netapp.com/advisory/ntap-20190910-0002/"
 }
 ]
 },