CVE-2016-9318
Vexday Risk Score
13 (Low)
SSVC Decision (CISA)
Track
No sign of exploitation → monitor
CVSS 5.5 · EPSS 2.9% · KEV no · PoC — · Nuclei — · Metasploit — · Patch referenced
Lifecycle
16 Nov 2016 · Published in NVD
Recommendation: Monitor; no sign of exploitation for now.
libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Affected products
n/a · n/a
References
https://bugzilla.gnome.org/show_bug.cgi?id=772726
https://github.com/lsh123/xmlsec/issues/43
https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html
https://security.gentoo.org/glsa/201711-01
https://usn.ubuntu.com/3739-1/
https://usn.ubuntu.com/3739-2/
http://www.securityfocus.com/bid/94347