Lucene search

[email protected]NVD:CVE-2015-1819

HistoryAug 14, 2015 - 6:59 p.m.

CVE-2015-1819

2015-08-1418:59:03

CWE-399

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7 High

AI Score

Confidence

High

0.025 Low

EPSS

Percentile

90.2%

JSON

The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.

Affected configurations

NVD

Node

debiandebian_linuxMatch7.0

debiandebian_linuxMatch8.0

Node

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch15.04

Node

redhatenterprise_linuxRange≤5.0

Node

xmlsoftlibxml

Node

oraclesolarisMatch11.3

Node

appleiphone_osRange≤9.2.1

applemac_os_xRange≤10.11.3

appletvosRange≤9.1

applewatchosRange≤2.1

Node

oraclelinuxMatch7

Node

opensuseopensuseMatch13.1

opensuseopensuseMatch13.2

Node

fedoraprojectfedoraMatch22

fedoraprojectfedoraMatch23

References

lists.apple.com/archives/security-announce/2016/Mar/msg00000.html

lists.apple.com/archives/security-announce/2016/Mar/msg00001.html

lists.apple.com/archives/security-announce/2016/Mar/msg00002.html

lists.apple.com/archives/security-announce/2016/Mar/msg00004.html

lists.fedoraproject.org/pipermail/package-announce/2015-November/172710.html

lists.fedoraproject.org/pipermail/package-announce/2015-November/172943.html

lists.opensuse.org/opensuse-updates/2015-12/msg00120.html

lists.opensuse.org/opensuse-updates/2016-01/msg00031.html

rhn.redhat.com/errata/RHSA-2015-1419.html

rhn.redhat.com/errata/RHSA-2015-2550.html

www.debian.org/security/2015/dsa-3430

www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

www.securityfocus.com/bid/75570

www.securitytracker.com/id/1034243

www.ubuntu.com/usn/USN-2812-1

xmlsoft.org/news.html

git.gnome.org/browse/libxml2/commit/?id=213f1fe0d76d30eaed6e5853057defc43e6df2c9

security.gentoo.org/glsa/201507-08

security.gentoo.org/glsa/201701-37

support.apple.com/HT206166

support.apple.com/HT206167

support.apple.com/HT206168

support.apple.com/HT206169

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7 High

AI Score

Confidence

High

0.025 Low

EPSS

Percentile

90.2%

JSON

Related for NVD:CVE-2015-1819

nessus28 ibm19 debian3 prion1 redhat2 github1 mageia1 centos2 debiancve1 freebsd1 ubuntucve1 openvas17 gentoo2 cvelist1 veracode1 cve1 osv34 oraclelinux2 ubuntu1 rubygems1 fedora2 amazon2 archlinux1 apple8 suse1