[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2017-7375Date: (C)2018-02-27   (M)2024-03-26


A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 9.8CVSS Score : 7.5
Exploit Score: 3.9Exploit Score: 10.0
Impact Score: 5.9Impact Score: 6.4
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: PARTIAL
Confidentiality: HIGHAvailability: PARTIAL
Integrity: HIGH 
Availability: HIGH 
  
Reference:
SECTRACK-1038623
BID-98877
DSA-3952
GLSA-201711-01
https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa
https://bugzilla.redhat.com/show_bug.cgi?id=1462203
https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e
https://source.android.com/security/bulletin/2017-06-01

CPE    12
cpe:/o:debian:debian_linux:9.0
cpe:/o:google:android:4.4.4
cpe:/a:xmlsoft:libxml2
cpe:/o:google:android:6.0
...
CWE    1
CWE-611
OVAL    5
oval:org.secpod.oval:def:53120
oval:org.secpod.oval:def:51892
oval:org.secpod.oval:def:603070
oval:org.secpod.oval:def:703799
...

© SecPod Technologies