CVE-2017-7375
Vexday Risk Score
28 Low
SSVC Decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.8 · EPSS 2.7% · KEV no · PoC — · Nuclei — · Metasploit — · Patch referenced
Lifecycle
19 Feb 2018: Published in NVD
Recommendation: Monitor; no exploitation signal for now.
A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
References
https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa
https://bugzilla.redhat.com/show_bug.cgi?id=1462203
https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e
https://security.gentoo.org/glsa/201711-01
https://source.android.com/security/bulletin/2017-06-01
https://www.debian.org/security/2017/dsa-3952
http://www.securityfocus.com/bid/98877
http://www.securitytracker.com/id/1038623