CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS
Percentile
90.1%
The xmlParserHandlePEReference function in parser.c in libxml2 before
2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion
Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads
external parameter entities regardless of whether entity substitution or
validation is enabled, which allows remote attackers to cause a denial of
service (resource consumption) via a crafted XML document.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | libxml2 | < 2.7.6.dfsg-1ubuntu1.11 | UNKNOWN |
ubuntu | 12.04 | noarch | libxml2 | < 2.7.8.dfsg-5.1ubuntu4.7 | UNKNOWN |
ubuntu | 12.10 | noarch | libxml2 | < 2.8.0+dfsg1-5ubuntu2.5 | UNKNOWN |
ubuntu | 13.10 | noarch | libxml2 | < 2.9.1+dfsg1-3ubuntu2.1 | UNKNOWN |
ubuntu | 14.04 | noarch | libxml2 | < 2.9.1+dfsg1-3ubuntu4.1 | UNKNOWN |