CVE-2015-3451 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:P/I:N/A:N
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 86%

Vendor	Product	Version
xml-libxml_project	xml-libxml	𝑥 ≤ 2.0118
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	14.10
canonical	ubuntu_linux	15.04
debian	debian_linux	7.0
debian	debian_linux	8.0
opensuse	opensuse	13.1
opensuse	opensuse	13.2

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

libxml-libxml-perl

bullseye	2.0134+dfsg-2 fixed
bookworm	2.0207+dfsg+really+2.0134-1 fixed
sid	2.0207+dfsg+really+2.0134-5 fixed
trixie	2.0207+dfsg+really+2.0134-5 fixed

Ubuntu Releases

Ubuntu Product

Codename

libxml-libxml-perl

vivid	Fixed 2.0116+dfsg-1ubuntu0.15.04.1 released
utopic	Fixed 2.0116+dfsg-1ubuntu0.14.10.1 released
trusty	Fixed 2.0108+dfsg-1ubuntu0.1 released
precise	Fixed 1.89+dfsg-1ubuntu0.1 released

Common Weakness Enumeration

CWE-611 - Improper Restriction of XML External Entity Reference
The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References

http://advisories.mageia.org/MGASA-2015-0199.html

http://cpansearch.perl.org/src/SHLOMIF/XML-LibXML-2.0119/Changes

http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157448.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157740.html

http://lists.opensuse.org/opensuse-updates/2015-09/msg00006.html

http://www.debian.org/security/2015/dsa-3243

http://www.mandriva.com/security/advisories?name=MDVSA-2015:231

http://www.openwall.com/lists/oss-security/2015/04/25/2

http://www.openwall.com/lists/oss-security/2015/04/30/1

http://www.securityfocus.com/bid/74333

http://www.ubuntu.com/usn/USN-2592-1

https://bitbucket.org/shlomif/perl-xml-libxml/commits/5962fd067580767777e94640b129ae8930a68a30/raw/

http://advisories.mageia.org/MGASA-2015-0199.html

http://cpansearch.perl.org/src/SHLOMIF/XML-LibXML-2.0119/Changes

http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157448.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157740.html

http://lists.opensuse.org/opensuse-updates/2015-09/msg00006.html

http://www.debian.org/security/2015/dsa-3243

http://www.mandriva.com/security/advisories?name=MDVSA-2015:231

http://www.openwall.com/lists/oss-security/2015/04/25/2

http://www.openwall.com/lists/oss-security/2015/04/30/1

http://www.securityfocus.com/bid/74333

http://www.ubuntu.com/usn/USN-2592-1

https://bitbucket.org/shlomif/perl-xml-libxml/commits/5962fd067580767777e94640b129ae8930a68a30/raw/