mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 01:02:25 +00:00
271 lines
8.7 KiB
JSON
271 lines
8.7 KiB
JSON
{
|
|
"id": "CVE-2008-3281",
|
|
"sourceIdentifier": "secalert@redhat.com",
|
|
"published": "2008-08-27T20:41:00.000",
|
|
"lastModified": "2018-10-11T20:47:44.207",
|
|
"vulnStatus": "Modified",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "libxml2 2.6.32 y anteriores, no detecta correctamente la recursividad durante la expansi\u00f3n de una entidad en un valor de un atributo; esto permite a atacantes dependientes del contexto provocar una denegaci\u00f3n de servicio (consumo de la memoria y la CPU) mediante un documento XML manipulado."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "PARTIAL",
|
|
"baseScore": 4.3
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 8.6,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": true
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-399"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "2.6.32",
|
|
"matchCriteriaId": "66E994C3-52FD-41F8-B310-3B1C549D2D62"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.19:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9087E4FE-661F-4803-BB3B-09D2699265E5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.23:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "81EDD077-5183-4588-8DB1-93A0597AAA34"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.5.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FFC48A66-7D1F-4446-BC50-6C1A1DF819E8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.5.10:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D463EC3C-88F1-46D9-ADB6-6283DC23B0B6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.5.11:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "43F8E361-E6D3-4666-B18D-928D550FD5D2"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B6948CD9-8489-46BA-9159-24C842490702"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "35C43087-760E-482A-B34E-141A29AC57A4"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "669211F7-90EA-47AB-A787-34DD79DF8E25"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "025B16D8-1023-4D47-BADD-C1E838B47D88"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.11:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "33268B2F-3591-48D9-B123-92E3ABF157F1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.12:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0830367A-9FB3-4291-88C0-38A471DFD22B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.13:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "73E4EB1B-2E8B-4504-AB05-F4D4E6B038E9"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.14:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B5815E25-5305-4A32-81B3-89DB1D5C1AC0"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000039.html",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://mail.gnome.org/archives/xml/2008-August/msg00034.html",
|
|
"source": "secalert@redhat.com",
|
|
"tags": [
|
|
"Exploit"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://security.gentoo.org/glsa/glsa-200812-06.xml",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://support.apple.com/kb/HT3613",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://support.apple.com/kb/HT3639",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://svn.gnome.org/viewvc/libxml2?view=revision&revision=3772",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0325",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://www.debian.org/security/2008/dsa-1631",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:180",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:192",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/archive/1/497962/100/0/threaded",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/30783",
|
|
"source": "secalert@redhat.com",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.securitytracker.com/id?1020728",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://www.ubuntu.com/usn/usn-640-1",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0017.html",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://www.vupen.com/english/advisories/2008/2419",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://www.vupen.com/english/advisories/2008/2843",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://www.vupen.com/english/advisories/2008/2971",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://www.vupen.com/english/advisories/2009/1522",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://www.vupen.com/english/advisories/2009/1621",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://xmlsoft.org/news.html",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=458086",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6496",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9812",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "https://rhn.redhat.com/errata/RHSA-2008-0836.html",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "https://usn.ubuntu.com/644-1/",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00261.html",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00347.html",
|
|
"source": "secalert@redhat.com"
|
|
}
|
|
]
|
|
} |