CVE-2016-9318

medium

Description

libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.

References

http://www.securityfocus.com/bid/94347

https://bugzilla.gnome.org/show_bug.cgi?id=772726

https://github.com/lsh123/xmlsec/issues/43

https://security.gentoo.org/glsa/201711-01

https://usn.ubuntu.com/3739-1/

https://usn.ubuntu.com/3739-2/

Details

Source: MITRE

Published: 2016-11-16

Updated: 2020-12-31

Type: CWE-611

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 5.5

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 126814 | SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2019:1896-1) | Nessus | SuSE Local Security Checks | medium |
| 124731 | EulerOS Virtualization 2.5.3 : libxml2 (EulerOS-SA-2019-1353) | Nessus | Huawei Local Security Checks | medium |
| 123073 | SUSE SLES11 Security Update : libxml2 (SUSE-SU-2019:13985-1) | Nessus | SuSE Local Security Checks | high |
| 121663 | Photon OS 1.0: Libxml2 PHSA-2017-0001 | Nessus | PhotonOS Local Security Checks | high |
| 111850 | Photon OS 1.0: Libxml2 / Linux / Openssh PHSA-2017-0001 (deprecated) | Nessus | PhotonOS Local Security Checks | high |
| 104492 | GLSA-201711-01 : libxml2: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 100780 | SUSE SLES11 Security Update : libxml2 (SUSE-SU-2017:1557-1) | Nessus | SuSE Local Security Checks | high |
| 100352 | SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2017:1366-1) | Nessus | SuSE Local Security Checks | high |
| 99936 | EulerOS 2.0 SP2 : libxml2 (EulerOS-SA-2017-1070) | Nessus | Huawei Local Security Checks | medium |
| 99916 | EulerOS 2.0 SP1 : libxml2 (EulerOS-SA-2017-1069) | Nessus | Huawei Local Security Checks | medium |
| 99492 | Fedora 24 : libxml2 (2017-be8574d593) | Nessus | Fedora Local Security Checks | critical |
| 99491 | Fedora 25 : libxml2 (2017-a3a47973eb) | Nessus | Fedora Local Security Checks | critical |
| 97116 | openSUSE Security Update : libxml2 (openSUSE-2017-244) | Nessus | SuSE Local Security Checks | critical |
| 97015 | SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2017:0380-1) | Nessus | SuSE Local Security Checks | critical |
| 96566 | SUSE SLES11 Security Update : libxml2 (SUSE-SU-2017:0164-1) | Nessus | SuSE Local Security Checks | high |