CVE-2012-0037 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 66%

Vendor	Product	Version
librdf	raptor	𝑥 < 2.0.7
libreoffice	libreoffice	𝑥 < 3.4.6
libreoffice	libreoffice	3.5.0
apache	openoffice	3.3.0
apache	openoffice	3.4.0:beta
redhat	gluster_storage_server_for_on-premise	2.0
redhat	storage	2.0
redhat	storage_for_public_cloud	2.0
redhat	enterprise_linux_desktop	5.0
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_eus	6.2
redhat	enterprise_linux_server	5.0
redhat	enterprise_linux_server	6.0
redhat	enterprise_linux_server_aus	6.2
redhat	enterprise_linux_workstation	5.0
redhat	enterprise_linux_workstation	6.0
debian	debian_linux	6.0

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

libreoffice

raring	not-affected
quantal	not-affected
precise	not-affected
oneiric	not-affected
natty	not-affected
maverick	dne
lucid	dne
hardy	dne

openoffice.org

raring	dne
quantal	dne
precise	not-affected
oneiric	not-affected
natty	not-affected
maverick	ignored
lucid	not-affected
hardy	ignored

raptor

raring	not-affected
quantal	Fixed 1.4.21-7ubuntu1 released
precise	Fixed 1.4.21-7ubuntu0.1 released
oneiric	Fixed 1.4.21-5ubuntu0.1 released
natty	Fixed 1.4.21-2ubuntu0.1 released
maverick	ignored
lucid	Fixed 1.4.21-1ubuntu1.1 released
hardy	ignored

raptor2

raring	not-affected
quantal	not-affected
precise	Fixed 2.0.6-1ubuntu0.1 released
lucid	dne

Known Exploits!

Common Weakness Enumeration

CWE-611 - Improper Restriction of XML External Entity Reference
The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References

http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/

http://librdf.org/raptor/RELEASE.html#rel2_0_7

http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.html

http://rhn.redhat.com/errata/RHSA-2012-0410.html

http://rhn.redhat.com/errata/RHSA-2012-0411.html

http://secunia.com/advisories/48479

http://secunia.com/advisories/48493

http://secunia.com/advisories/48494

http://secunia.com/advisories/48526

http://secunia.com/advisories/48529

http://secunia.com/advisories/48542

http://secunia.com/advisories/48649

http://secunia.com/advisories/50692

http://secunia.com/advisories/60799

http://security.gentoo.org/glsa/glsa-201209-05.xml

http://vsecurity.com/resources/advisory/20120324-1/

http://www.debian.org/security/2012/dsa-2438

http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml

http://www.libreoffice.org/advisories/CVE-2012-0037/

http://www.mandriva.com/security/advisories?name=MDVSA-2012:061

http://www.mandriva.com/security/advisories?name=MDVSA-2012:062

http://www.mandriva.com/security/advisories?name=MDVSA-2012:063

http://www.openoffice.org/security/cves/CVE-2012-0037.html

http://www.openwall.com/lists/oss-security/2012/03/27/4

http://www.osvdb.org/80307

http://www.securityfocus.com/bid/52681

http://www.securitytracker.com/id?1026837

https://exchange.xforce.ibmcloud.com/vulnerabilities/74235

https://github.com/dajobe/raptor/commit/a676f235309a59d4aa78eeffd2574ae5d341fcb0

https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0%40%3Ccommits.openoffice.apache.org%3E

http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/

http://librdf.org/raptor/RELEASE.html#rel2_0_7

http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.html

http://rhn.redhat.com/errata/RHSA-2012-0410.html

http://rhn.redhat.com/errata/RHSA-2012-0411.html

http://secunia.com/advisories/48479

http://secunia.com/advisories/48493

http://secunia.com/advisories/48494

http://secunia.com/advisories/48526

http://secunia.com/advisories/48529

http://secunia.com/advisories/48542

http://secunia.com/advisories/48649

http://secunia.com/advisories/50692

http://secunia.com/advisories/60799

http://security.gentoo.org/glsa/glsa-201209-05.xml

http://vsecurity.com/resources/advisory/20120324-1/

http://www.debian.org/security/2012/dsa-2438

http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml

http://www.libreoffice.org/advisories/CVE-2012-0037/

http://www.mandriva.com/security/advisories?name=MDVSA-2012:061

http://www.mandriva.com/security/advisories?name=MDVSA-2012:062

http://www.mandriva.com/security/advisories?name=MDVSA-2012:063

http://www.openoffice.org/security/cves/CVE-2012-0037.html

http://www.openwall.com/lists/oss-security/2012/03/27/4

http://www.osvdb.org/80307

http://www.securityfocus.com/bid/52681

http://www.securitytracker.com/id?1026837

https://exchange.xforce.ibmcloud.com/vulnerabilities/74235

https://github.com/dajobe/raptor/commit/a676f235309a59d4aa78eeffd2574ae5d341fcb0

https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0%40%3Ccommits.openoffice.apache.org%3E