Lucene search
Redhat.comRH:CVE-2016-9318HistoryNov 16, 2016 - 10:17 a.m.
CVE-2016-9318
2016-11-1610:17:17
redhat.com
access.redhat.com
20
0.002 Low
EPSS
Percentile
59.9%
libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.
Mitigation
Application parsing untrusted input with libxml2 should be careful to NOT use entity expansion (enabled by XML_PARSE_NOENT) or DTD validation (XML_PARSE_DTDLOAD, XML_PARSE_DTDVALID) on such input.
Related
cve
cve
CVE-2016-9318
2016-11-16 00:59:00
openvas
openvas
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2019-1353)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2017-1070)
2020-01-23 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:1896-1)
2021-04-19 00:00:00
cvelist
cvelist
CVE-2016-9318
2016-11-16 00:00:00
ubuntucve
ubuntucve
CVE-2016-9318
2016-11-15 00:00:00
CVE-2017-1000061
2017-07-17 00:00:00
nessus
nessus
Photon OS 1.0: Libxml2 PHSA-2017-0001
2019-02-07 00:00:00
SUSE SLES11 Security Update : libxml2 (SUSE-SU-2017:0164-1)
2017-01-17 00:00:00
EulerOS 2.0 SP1 : libxml2 (EulerOS-SA-2017-1069)
2017-05-02 00:00:00
ibm
ibm
alpinelinux
alpinelinux
CVE-2016-9318
2016-11-16 00:59:00
veracode
veracode
XML External Entity (XXE)
2018-11-27 06:08:51
XML External Entity (XXE) Via Libxml2
2017-02-23 06:14:12
Copy-Paste Vulnerability (CPV) Through Libxml2
2018-10-16 03:04:15
prion
prion
Xxe
2016-11-16 00:59:00
nvd
nvd
CVE-2016-9318
2016-11-16 00:59:00
debiancve
debiancve
CVE-2016-9318
2016-11-16 00:59:00
ubuntu
ubuntu
libxml2 vulnerabilities
2018-08-14 00:00:00
libxml2 vulnerabilities
2018-08-14 00:00:00
cloudfoundry
cloudfoundry
USN-3739-1: libxml2 vulnerabilities | Cloud Foundry
2018-09-11 00:00:00
debian
debian
[SECURITY] [DLA 2972-1] libxml2 security update
2022-04-08 21:17:02
osv
osv
libxml2 - security update
2022-04-08 00:00:00
gentoo
gentoo
libxml2: Multiple vulnerabilities
2017-11-10 00:00:00
mageia
mageia
Updated libxml2 & perl-XML-LibXML packages fix security vulnerabilities
2018-01-03 18:50:51
fedora
fedora
[SECURITY] Fedora 25 Update: libxml2-2.9.4-2.fc25
2017-04-19 09:32:17
[SECURITY] Fedora 24 Update: libxml2-2.9.4-2.fc24
2017-04-19 07:53:28
redhat
redhat
suse
suse
Security update for SLES 12-SP2 Docker image (important)
2017-10-11 03:08:09
Security update for SLES 12-SP1 Docker image (important)
2017-10-11 03:07:32
Security update for SLES 12 Docker image (important)
2017-10-11 03:06:53
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00