Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.0
CVE Id CVE-2013-1664
Last Modified 14 May 2013 11:35:50
Published 02 Apr 2013 08:55:02
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2013-1664

Summary

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.

Vulnerable Systems

Application

  • OpenStack Cinder Folsom

  • OpenStack Compute (Nova) Essex

  • OpenStack Compute (Nova) Folsom

  • OpenStack Folsom

  • OpenStack Grizzly

  • OpenStack Keystone Essex


References

CONFIRM - https://bugs.launchpad.net/nova/+bug/1100282

MLIST - [oss-security] 20130219 REJECT CVE-2013-0278, CVE-2013-0279 and CVE-2013-0280

MLIST - [oss-security] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665)

MLIST - [openstack-announce] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665)

REDHAT - RHSA-2013:0658

REDHAT - RHSA-2013:0657

CONFIRM - http://bugs.python.org/issue17239

CONFIRM - http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html

UBUNTU - USN-1757-1

REDHAT - RHSA-2013:0670


Last Updated: 27 May 2016 11:02:11