[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

ALAS-2017-890 ---- xmlsec1

ID: oval:org.secpod.oval:def:1600773Date: (C)2017-09-21   (M)2023-12-20
Class: PATCHFamily: unix




It was discovered xmlsec1's use of libxml2 inadvertently enabled external entity expansion along with validation. An attacker could craft an XML file that would cause xmlsec1 to try and read local files or HTTP/FTP URLs, leading to information disclosure or denial of service

Platform:
Amazon Linux AMI
Product:
xmlsec1
Reference:
ALAS-2017-890
CVE-2017-1000061
CVE    1
CVE-2017-1000061
CPE    2
cpe:/o:amazon:linux
cpe:/a:aleksey:xmlsec1

© SecPod Technologies