ID CVE-2014-0191
Summary The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document.
References
Vulnerable Configurations
  • Oracle Fusion Middleware 11.1.1.7.0
    cpe:2.3:a:oracle:fusion_middleware:11.1.1.7.0
  • Oracle Fusion Middleware 12.1.2.0.0
    cpe:2.3:a:oracle:fusion_middleware:12.1.2.0.0
  • cpe:2.3:a:oracle:fusion_middleware:12.1.3.0.0
    cpe:2.3:a:oracle:fusion_middleware:12.1.3.0.0
CVSS
Base: 4.3 (as of 08-07-2016 - 11:53)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_10_5.NASL
    description The remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.5. It is, therefore, affected by multiple vulnerabilities in the following components : - apache - apache_mod_php - Apple ID OD Plug-in - AppleGraphicsControl - Bluetooth - bootp - CloudKit - CoreMedia Playback - CoreText - curl - Data Detectors Engine - Date & Time pref pane - Dictionary Application - DiskImages - dyld - FontParser - groff - ImageIO - Install Framework Legacy - IOFireWireFamily - IOGraphics - IOHIDFamily - Kernel - Libc - Libinfo - libpthread - libxml2 - libxpc - mail_cmds - Notification Center OSX - ntfs - OpenSSH - OpenSSL - perl - PostgreSQL - python - QL Office - Quartz Composer Framework - Quick Look - QuickTime 7 - SceneKit - Security - SMBClient - Speech UI - sudo - tcpdump - Text Formats - udf Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen 2018-09-02
    modified 2018-07-16
    plugin id 85408
    published 2015-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85408
    title Mac OS X 10.10.x < 10.10.5 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-959.NASL
    description - update to 2.9.3 - full changelog: http://www.xmlsoft.org/news.html - fixed CVEs: CVE-2015-8242, CVE-2015-7500, CVE-2015-7499, CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-8035, CVE-2015-7942, CVE-2015-1819, CVE-2015-7941, CVE-2014-3660, CVE-2014-0191, CVE-2015-8241, CVE-2015-8317 - fixed bugs: [bsc#928193], [bsc#951734], [bsc#951735], [bsc#954429], [bsc#956018], [bsc#956021], [bsc#956260], [bsc#957105], [bsc#957106], [bsc#957107], [bsc#957109], [bsc#957110]
    last seen 2018-09-01
    modified 2016-05-16
    plugin id 87631
    published 2015-12-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87631
    title openSUSE Security Update : libxml2 (openSUSE-2015-959)
  • NASL family AIX Local Security Checks
    NASL id AIX_U861276.NASL
    description The remote host is missing AIX PTF U861276, which is related to the security of the package bos.rte.control. Libxml2 is vulnerable to a denial of service, caused by the expansion of internal entities within the xmlParserHandlePEReference().
    last seen 2018-09-01
    modified 2015-04-03
    plugin id 79062
    published 2014-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79062
    title AIX 6.1 TL 9 : bos.rte.control (U861276)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-16.NASL
    description Daniel P. Berrange discovered a denial of service vulnerability in libxml2 entity substitution. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-07-06
    plugin id 82143
    published 2015-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82143
    title Debian DLA-16-1 : libxml2 security update
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-0749.NASL
    description From Red Hat Security Advisory 2015:0749 : Updated libxml2 packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libxml2 library is a development toolbox providing the implementation of various XML standards. It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked against libxml2 could use this flaw to conduct XML External Entity (XXE) attacks, possibly resulting in a denial of service or an information leak on the system. (CVE-2014-0191) The CVE-2014-0191 issue was discovered by Daniel P. Berrange of Red Hat. All libxml2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen 2018-09-01
    modified 2018-07-18
    plugin id 82464
    published 2015-03-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82464
    title Oracle Linux 7 : libxml2 (ELSA-2015-0749)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-17609.NASL
    description Update to libxml2 2.9.2 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2015-10-19
    plugin id 80327
    published 2015-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80327
    title Fedora 21 : mingw-libxml2-2.9.2-1.fc21 (2014-17609)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201409-08.NASL
    description The remote host is affected by the vulnerability described in GLSA-201409-08 (libxml2: Denial of Service) A vulnerability in the xmlParserHandlePEReference() function of parser.c, when expanding entity references, can be exploited to consume large amounts of memory and cause a crash or hang. Impact : A remote attacker may be able to cause Denial of Service via a specially crafted XML file containing malicious attributes. Workaround : There is no known workaround at this time.
    last seen 2018-09-01
    modified 2015-04-13
    plugin id 77776
    published 2014-09-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77776
    title GLSA-201409-08 : libxml2: Denial of Service
  • NASL family AIX Local Security Checks
    NASL id AIX_IV62447.NASL
    description Libxml2 is vulnerable to a denial of service, caused by the expansion of internal entities within the xmlParserHandlePEReference().
    last seen 2018-09-01
    modified 2015-01-23
    plugin id 77257
    published 2014-08-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77257
    title AIX 6.1 TL 8 : libxml2 (IV62447)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2014-086.NASL
    description Updated libxml2 packages fix security vulnerability : It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substituton in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a specially crafted XML file that, when processed, would lead to the exhaustion of CPU and memory resources or file descriptors (CVE-2014-0191).
    last seen 2018-09-01
    modified 2018-07-19
    plugin id 73978
    published 2014-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73978
    title Mandriva Linux Security Advisory : libxml2 (MDVSA-2014:086)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-0513.NASL
    description Updated libxml2 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libxml2 library is a development toolbox providing the implementation of various XML standards. It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked against libxml2 could use this flaw to conduct XML External Entity (XXE) attacks, possibly resulting in a denial of service or an information leak on the system. (CVE-2014-0191) An out-of-bounds read flaw was found in the way libxml2 detected the end of an XML file. A remote attacker could provide a specially crafted XML file that, when processed by an application linked against libxml2, could cause the application to crash. (CVE-2013-2877) The CVE-2014-0191 issue was discovered by Daniel P. Berrange of Red Hat. All libxml2 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen 2018-11-11
    modified 2018-11-10
    plugin id 74094
    published 2014-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74094
    title CentOS 6 : libxml2 (CESA-2014:0513)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20150330_LIBXML2_ON_SL7_X.NASL
    description It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked against libxml2 could use this flaw to conduct XML External Entity (XXE) attacks, possibly resulting in a denial of service or an information leak on the system. (CVE-2014-0191) The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen 2018-09-01
    modified 2015-03-31
    plugin id 82468
    published 2015-03-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82468
    title Scientific Linux Security Update : libxml2 on SL7.x x86_64
  • NASL family AIX Local Security Checks
    NASL id AIX_IV62448.NASL
    description Libxml2 is vulnerable to a denial of service, caused by the expansion of internal entities within the xmlParserHandlePEReference().
    last seen 2018-09-01
    modified 2015-01-23
    plugin id 77258
    published 2014-08-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77258
    title AIX 6.1 TL 9 : libxml2 (IV62448)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-17573.NASL
    description Update to libxml2 2.9.2 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2015-10-19
    plugin id 80318
    published 2015-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80318
    title Fedora 20 : mingw-libxml2-2.9.2-1.fc20 (2014-17573)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20140519_LIBXML2_ON_SL6_X.NASL
    description It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked against libxml2 could use this flaw to conduct XML External Entity (XXE) attacks, possibly resulting in a denial of service or an information leak on the system. (CVE-2014-0191) An out-of-bounds read flaw was found in the way libxml2 detected the end of an XML file. A remote attacker could provide a specially crafted XML file that, when processed by an application linked against libxml2, could cause the application to crash. (CVE-2013-2877) The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen 2018-09-01
    modified 2015-01-26
    plugin id 74103
    published 2014-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74103
    title Scientific Linux Security Update : libxml2 on SL6.x i386/x86_64
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-4719.NASL
    description fixes built in also added a couple of other entities related patches including a fix to CVE-2014-3660 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2015-10-19
    plugin id 82728
    published 2015-04-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82728
    title Fedora 20 : libxml2-2.9.1-4.fc20 (2015-4719)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-4658.NASL
    description fixes built in also added a couple of other entities related patches including a fix to CVE-2014-3660 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2015-10-19
    plugin id 82627
    published 2015-04-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82627
    title Fedora 21 : libxml2-2.9.1-7.fc21 (2015-4658)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-0513.NASL
    description From Red Hat Security Advisory 2014:0513 : Updated libxml2 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libxml2 library is a development toolbox providing the implementation of various XML standards. It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked against libxml2 could use this flaw to conduct XML External Entity (XXE) attacks, possibly resulting in a denial of service or an information leak on the system. (CVE-2014-0191) An out-of-bounds read flaw was found in the way libxml2 detected the end of an XML file. A remote attacker could provide a specially crafted XML file that, when processed by an application linked against libxml2, could cause the application to crash. (CVE-2013-2877) The CVE-2014-0191 issue was discovered by Daniel P. Berrange of Red Hat. All libxml2 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen 2018-09-01
    modified 2015-12-01
    plugin id 74100
    published 2014-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74100
    title Oracle Linux 6 : libxml2 (ELSA-2014-0513)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2015-111.NASL
    description Updated libxml2 packages fix security vulnerabilities : It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substituton in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a specially crafted XML file that, when processed, would lead to the exhaustion of CPU and memory resources or file descriptors (CVE-2014-0191). A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption (denial of service) based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior (CVE-2014-3660).
    last seen 2018-09-01
    modified 2018-07-19
    plugin id 82364
    published 2015-03-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82364
    title Mandriva Linux Security Advisory : libxml2 (MDVSA-2015:111)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2014-0012.NASL
    description a. VMware vCSA cross-site scripting vulnerability VMware vCenter Server Appliance (vCSA) contains a vulnerability that may allow for Cross Site Scripting. Exploitation of this vulnerability in vCenter Server requires tricking a user to click on a malicious link or to open a malicious web page. VMware would like to thank Tanya Secker of Trustwave SpiderLabs for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-3797 to this issue. b. vCenter Server certificate validation issue vCenter Server does not properly validate the presented certificate when establishing a connection to a CIM Server residing on an ESXi host. This may allow for a Man-in-the-middle attack against the CIM service. VMware would like to thank The Google Security Team for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2014-8371 to this issue. c. Update to ESXi libxml2 package libxml2 is updated to address multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2013-2877 and CVE-2014-0191 to these issues. d. Update to ESXi Curl package Curl is updated to address multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2014-0015 and CVE-2014-0138 to these issues. e. Update to ESXi Python package Python is updated to address multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2013-1752 and CVE-2013-4238 to these issues. f. vCenter and Update Manager, Oracle JRE 1.6 Update 81 Oracle has documented the CVE identifiers that are addressed in JRE 1.6.0 update 81 in the Oracle Java SE Critical Patch Update Advisory of July 2014. The References section provides a link to this advisory.
    last seen 2018-09-01
    modified 2016-08-16
    plugin id 79762
    published 2014-12-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79762
    title VMSA-2014-0012 : VMware vSphere product updates address security vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-80.NASL
    description Sogeti found a denial of service flaw in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption (denial of service) based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior. (CVE-2014-3660) In addition, this update addresses a misapplied chunk for a patch released the previous version (#762864). NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-07-09
    plugin id 82225
    published 2015-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82225
    title Debian DLA-80-1 : libxml2 security update
  • NASL family Misc.
    NASL id VMWARE_VCENTER_VMSA-2014-0012.NASL
    description The VMware vCenter Server installed on the remote host is version 5.0 prior to Update 3c, 5.1 prior to Update 3, or 5.5 prior to Update 2. It is, therefore, affected by multiple vulnerabilities in third party libraries : - Due to improper certificate validation when connecting to a CIM server on an ESXi host, an attacker can perform man-in-the-middle attacks. (CVE-2014-8371) - The bundled version of Oracle JRE is prior to 1.6.0_81 and thus is affected by multiple vulnerabilities. Note that this only affects version 5.1 and 5.0 of vCenter but is only fixed in 5.1 Update 3.
    last seen 2018-11-17
    modified 2018-11-15
    plugin id 79865
    published 2014-12-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79865
    title VMware Security Updates for vCenter Server (VMSA-2014-0012)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2014-0031.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball - CVE-2014-3660 denial of service via recursive entity expansion (rhbz#1149085) - Fix a set of regressions introduced in CVE-2014-0191 (rhbz#1105011) - Improve handling of xmlStopParser(CVE-2013-2877) - Do not fetch external parameter entities (CVE-2014-0191) - Fix a regression in 2.9.0 breaking validation while streaming (rhbz#863166) - detect and stop excessive entities expansion upon replacement (rhbz#912575)
    last seen 2018-09-01
    modified 2018-07-24
    plugin id 79546
    published 2014-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79546
    title OracleVM 3.3 : libxml2 (OVMSA-2014-0031)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2014-341.NASL
    description It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substituton in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a specially crafted XML file that, when processed, would lead to the exhaustion of CPU and memory resources or file descriptors.
    last seen 2018-09-01
    modified 2018-04-18
    plugin id 78284
    published 2014-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78284
    title Amazon Linux AMI : libxml2 (ALAS-2014-341)
  • NASL family Misc.
    NASL id VMWARE_VMSA-2014-0012_REMOTE.NASL
    description The remote VMware ESXi host is affected by multiple vulnerabilities : - Multiple denial of service vulnerabilities exist in Python function _read_status() in library httplib and in function readline() in libraries smtplib, ftplib, nntplib, imaplib, and poplib. A remote attacker can exploit these vulnerabilities to crash the module. (CVE-2013-1752) - A out-of-bounds read error exists in file parser.c in library libxml2 due to a failure to properly check the XML_PARSER_EOF state. An unauthenticated, remote attacker can exploit this, via a crafted document that abruptly ends, to cause a denial of service. (CVE-2013-2877) - A spoofing vulnerability exists in the Python SSL module in the ssl.match_hostname() function due to improper handling of the NULL character ('\0') in a domain name in the Subject Alternative Name field of an X.509 certificate. A man-in-the-middle attacker can exploit this, via a crafted certificate issued by a legitimate certification authority, to spoof arbitrary SSL servers. (CVE-2013-4238) - cURL and libcurl are affected by a flaw related to the re-use of NTLM connections whenever more than one authentication method is enabled. An unauthenticated, remote attacker can exploit this, via a crafted request, to connect and impersonate other users. (CVE-2014-0015) - The default configuration in cURL and libcurl reuses the SCP, SFTP, POP3, POP3S, IMAP, IMAPS, SMTP, SMTPS, LDAP, and LDAPS connections. An unauthenticated, remote attacker can exploit this, via a crafted request, to connect and impersonate other users. (CVE-2014-0138) - A flaw exists in the xmlParserHandlePEReference() function in file parser.c in libxml2 due to loading external entities regardless of entity substitution or validation being enabled. An unauthenticated, remote attacker can exploit this, via a crafted XML document, to exhaust resources, resulting in a denial of service. (CVE-2014-0191)
    last seen 2018-09-01
    modified 2018-08-06
    plugin id 87681
    published 2015-12-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87681
    title VMware ESXi Multiple Vulnerabilities (VMSA-2014-0012)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-0749.NASL
    description Updated libxml2 packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libxml2 library is a development toolbox providing the implementation of various XML standards. It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked against libxml2 could use this flaw to conduct XML External Entity (XXE) attacks, possibly resulting in a denial of service or an information leak on the system. (CVE-2014-0191) The CVE-2014-0191 issue was discovered by Daniel P. Berrange of Red Hat. All libxml2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen 2018-11-11
    modified 2018-11-10
    plugin id 82476
    published 2015-04-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82476
    title CentOS 7 : libxml2 (CESA-2015:0749)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-409.NASL
    description Removed fix for CVE-2014-0191. This fix breaks existing applications and there's currently no way to prevent that.
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 75381
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75381
    title openSUSE Security Update : libxml2 / python-libxml2 (openSUSE-SU-2014:0753-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2214-1.NASL
    description Daniel Berrange discovered that libxml2 would incorrectly perform entity substitution even when requested not to. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause resource consumption, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-12-02
    modified 2018-12-01
    plugin id 74035
    published 2014-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74035
    title Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 / 14.04 LTS : libxml2 vulnerability (USN-2214-1)
  • NASL family AIX Local Security Checks
    NASL id AIX_IV62449.NASL
    description Libxml2 is vulnerable to a denial of service, caused by the expansion of internal entities within the xmlParserHandlePEReference().
    last seen 2018-09-02
    modified 2015-01-23
    plugin id 77259
    published 2014-08-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77259
    title AIX 7.1 TL 2 : libxml2 (IV62449)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-0749.NASL
    description Updated libxml2 packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libxml2 library is a development toolbox providing the implementation of various XML standards. It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked against libxml2 could use this flaw to conduct XML External Entity (XXE) attacks, possibly resulting in a denial of service or an information leak on the system. (CVE-2014-0191) The CVE-2014-0191 issue was discovered by Daniel P. Berrange of Red Hat. All libxml2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 82427
    published 2015-03-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82427
    title RHEL 7 : libxml2 (RHSA-2015:0749)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-363.NASL
    description - fix for CVE-2014-0191 (bnc#876652) - libxml2: external parameter entity loaded when entity substitution is disabled - added libxml2-CVE-2014-0191.patch
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 75358
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75358
    title openSUSE Security Update : libxml2 (openSUSE-SU-2014:0645-1)
  • NASL family AIX Local Security Checks
    NASL id AIX_U862099.NASL
    description The remote host is missing AIX PTF U862099, which is related to the security of the package bos.rte.control. Libxml2 is vulnerable to a denial of service, caused by the expansion of internal entities within the xmlParserHandlePEReference().
    last seen 2018-09-01
    modified 2015-04-03
    plugin id 79063
    published 2014-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79063
    title AIX 7.1 TL 3 : bos.rte.control (U862099)
  • NASL family AIX Local Security Checks
    NASL id AIX_IV62450.NASL
    description Libxml2 is vulnerable to a denial of service, caused by the expansion of internal entities within the xmlParserHandlePEReference().
    last seen 2018-09-01
    modified 2015-01-23
    plugin id 77260
    published 2014-08-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77260
    title AIX 7.1 TL 3 : libxml2 (IV62450)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-151.NASL
    description It was discovered that the update released for libxml2 in DSA 2978 fixing CVE-2014-0191 was incomplete. This caused libxml2 to still fetch external entities regardless of whether entity substitution or validation is enabled. In addition, this update addresses a regression introduced in DSA 3057 by the patch fixing CVE-2014-3660. This caused libxml2 to not parse an entity when it's used first in another entity referenced from an attribute value. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-02
    modified 2018-07-06
    plugin id 82134
    published 2015-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82134
    title Debian DLA-151-1 : libxml2 security update
  • NASL family Web Servers
    NASL id ORACLE_HTTP_SERVER_CPU_OCT_2015.NASL
    description The version of Oracle HTTP Server installed on the remote host is affected by multiple vulnerabilities : - (CVE-2003-1418) - A denial of service vulnerability exists in libxml2, related to the xmlParserHandlePEReference() function in file parser.c, due to loading external parameter entities without regard to entity substitution or validation being enabled, as in the case of entity substitution in the doctype prolog. An unauthenticated, remote attacker can exploit this, via specially crafted XML content, to exhaust the system CPU, memory, or file descriptor resources. (CVE-2014-0191) - An unspecified vulnerability exists in the Web Listener component that allows an unauthenticated, remote attacker to impact availability. (CVE-2015-1829) - (CVE-2015-2808) - An unspecified vulnerability exists in the OSSL Module that allows an unauthenticated, remote attacker to impact confidentiality. (CVE-2015-4812) - An unspecified vulnerability exists in the Web Listener component that allows an authenticated, remote attacker to impact confidentiality. (CVE-2015-4914) - (CVE-2016-2183)
    last seen 2018-09-01
    modified 2018-07-16
    plugin id 86569
    published 2015-10-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86569
    title Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (October 2015 CPU)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2978.NASL
    description Daniel P. Berrange discovered a denial of service vulnerability in libxml2 entity substitution.
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 76499
    published 2014-07-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76499
    title Debian DSA-2978-1 : libxml2 - security update
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-0513.NASL
    description Updated libxml2 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libxml2 library is a development toolbox providing the implementation of various XML standards. It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked against libxml2 could use this flaw to conduct XML External Entity (XXE) attacks, possibly resulting in a denial of service or an information leak on the system. (CVE-2014-0191) An out-of-bounds read flaw was found in the way libxml2 detected the end of an XML file. A remote attacker could provide a specially crafted XML file that, when processed by an application linked against libxml2, could cause the application to crash. (CVE-2013-2877) The CVE-2014-0191 issue was discovered by Daniel P. Berrange of Red Hat. All libxml2 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 74102
    published 2014-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74102
    title RHEL 6 : libxml2 (RHSA-2014:0513)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS11_LIBXML2_20140819.NASL
    description The remote Solaris system is missing necessary patches to address security updates.
    last seen 2018-11-17
    modified 2018-11-15
    plugin id 80692
    published 2015-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80692
    title Oracle Solaris Third-Party Patch Update : libxml2 (cve_2014_0191_denial_of)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1366-1.NASL
    description This update for libxml2 fixes the following issues : - Fix NULL dereference in xpointer.c when in recovery mode [bsc#1014873] - CVE-2016-9597: An XML document with many opening tags could have caused a overflow of the stack not detected by the recursion limits, allowing for DoS (bsc#1017497) - CVE-2014-0191: External parameter entity loaded when entity substitution is disabled could cause a DoS. (bsc#876652) - CVE-2016-9318: XML External Entity (XXE) could be abused via crafted document. (bsc#1010675) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-12-02
    modified 2018-11-30
    plugin id 100352
    published 2017-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100352
    title SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2017:1366-1)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_EFDD0EDCDA3D11E39ECB2C4138874F7D.NASL
    description Stefan Cornelius reports : It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substitution in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a specially crafted XML file that, when processed, would lead to the exhaustion of CPU and memory resources or file descriptors. This issue was discovered by Daniel Berrange of Red Hat.
    last seen 2018-11-24
    modified 2018-11-23
    plugin id 73975
    published 2014-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73975
    title FreeBSD : libxml2 -- entity substitution DoS (efdd0edc-da3d-11e3-9ecb-2c4138874f7d)
  • NASL family Web Servers
    NASL id ORACLE_HTTP_SERVER_CPU_JAN_2015.NASL
    description The version of Oracle HTTP Server installed on the remote host is affected by multiple vulnerabilities in the Web Listener subcomponent : - An integer overflow condition exists in libxml2 within file xpath.c, related to XPath expressions when adding a new namespace note. An unauthenticated, remote attacker can exploit this, via a crafted XML file, to cause a denial of service condition or the execution of arbitary code. (CVE-2011-1944) - An integer overflow condition exists in the HTTP server, specifically in the ap_pregsub() function within file server/util.c, when the mod_setenvif module is enabled. A local attacker can exploit this to gain elevated privileges by using an .htaccess file with a crafted combination of SetEnvIf directives and HTTP request headers. (CVE-2011-3607) - A flaw exists in libxml2, known as the 'internal entity expansion' with linear complexity issue, that allows specially crafted XML files to consume excessive CPU and memory resources. An unauthenticated, remote attacker can exploit this to cause a denial of service condition by using a specially crafted XML file containing an entity declaration with long replacement text and many references to this entity. (CVE-2013-0338) - An out-of-bounds read error exists in libxml2 within file parser.c due to a failure to check for the XML_PARSER_EOF state. An unauthenticated, remote attacker can exploit this, via a specially crafted document that ends abruptly, to cause a denial of service condition. (CVE-2013-2877) - A flaw exists within the mod_headers module in the HTTP server which allows bypassing the 'RequestHeader unset' directives. An unauthenticated, remote attacker can exploit this to inject arbitrary headers. This is done by placing a header in the trailer portion of data being sent using chunked transfer encoding. (CVE-2013-5704) - A flaw exists in the dav_xml_get_cdata() function in file main/util.c within the HTTP server mod_dav module due to incorrect stripping of whitespace characters from the CDATA sections. An unauthenticated, remote attacker via a specially crafted DAV WRITE request, can exploit this to cause a denial of service condition. (CVE-2013-6438) - A flaw exists in the log_cookie() function in file mod_log_config.c within the HTTP server mod_log_config module due to improper handling of specially crafted cookies during truncation. An unauthenticated, remote attacker can exploit this to cause a denial of service condition via a segmentation fault. (CVE-2014-0098) - A flaw exists in libxml2, specifically in the xmlParserHandlePEReference() function in file parser.c, due to loading external parameter entities even when entity substitution is disabled. An unauthenticated, remote attacker can exploit this issue, via a specially crafted XML file, to conduct XML External Entity (XXE) attacks that exhaust CPU and memory resources, resulting in a denial of service condition. (CVE-2014-0191) - A race condition exists in the HTTP server within the mod_status module when using a threaded Multi-Processing Module (MPM). If an unauthenticated, remote attacker is able to access status pages served by mod_status, the attacker can exploit this issue, by sending specially crafted requests, to cause the httpd child process to crash or possibly execute arbitrary code with the privileges of the user running the web server. (CVE-2014-0226) - An unspecified flaw exists in the Web Listener subcomponent that allows an unauthenticated, remote attacker to impact confidentiality, integrity, and availability. (CVE-2014-6571) - An unspecified flaw exists in the J2EE subcomponent that allows an unauthenticated, remote attacker to disclose potentially sensitive information. (CVE-2015-0372) - An unspecified flaw exists in the Web Listener subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2015-0386)
    last seen 2018-11-17
    modified 2018-11-15
    plugin id 81002
    published 2015-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81002
    title Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (January 2015 CPU)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-394.NASL
    description Updated fix for openSUSE-SU-2014:0645-1 because of a regression that caused xmllint to break.
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 75373
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75373
    title openSUSE Security Update : libxml2 / python-libxml2 (openSUSE-SU-2014:0716-1)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2015-006.NASL
    description The remote host is running a version of Mac OS X 10.8.5 or 10.9.5 that is missing Security Update 2015-006. It is, therefore, affected by multiple vulnerabilities in the following components : - apache - apache_mod_php - CoreText - FontParser - Libinfo - libxml2 - OpenSSL - perl - PostgreSQL - QL Office - Quartz Composer Framework - QuickTime 7 - SceneKit Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen 2018-09-01
    modified 2018-07-14
    plugin id 85409
    published 2015-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85409
    title Mac OS X Multiple Vulnerabilities (Security Update 2015-006)
  • NASL family Misc.
    NASL id APPLETV_7_2_1.NASL
    description According to its banner, the remote Apple TV device is a version prior to 7.2.1. It is, therefore, affected by multiple vulnerabilities in the following components : - bootp - CFPreferences - CloudKit - Code Signing - CoreMedia Playback - CoreText - DiskImages - FontParser - ImageIO - IOHIDFamily - IOKit - Kernel - Libc - Libinfo - libpthread - libxml2 - libxpc - libxslt - Location Framework - Office Viewer - QL Office - Sandbox_profiles - WebKit
    last seen 2018-12-15
    modified 2018-12-14
    plugin id 90315
    published 2016-04-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90315
    title Apple TV < 7.2.1 Multiple Vulnerabilities
  • NASL family Misc.
    NASL id VMWARE_ESXI_5_1_BUILD_2323236_REMOTE.NASL
    description The remote VMware ESXi host is version 5.1 prior to build 2323236. It is, therefore, affected by the following vulnerabilities in bundled third-party libraries : - Multiple vulnerabilities exist in the bundled Python library. (CVE-2011-3389, CVE-2012-0845, CVE-2012-0876, CVE-2012-1150, CVE-2013-1752, CVE-2013-4238) - Multiple vulnerabilities exist in the bundled GNU C Library (glibc). (CVE-2013-0242, CVE-2013-1914, CVE-2013-4332) - Multiple vulnerabilities exist in the bundled XML Parser library (libxml2). (CVE-2013-2877, CVE-2014-0191) - Multiple vulnerabilities exist in the bundled cURL library (libcurl). (CVE-2014-0015, CVE-2014-0138)
    last seen 2018-11-17
    modified 2018-11-15
    plugin id 79862
    published 2014-12-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79862
    title ESXi 5.1 < Build 2323236 Third-Party Libraries Multiple Vulnerabilities (remote check) (BEAST)
redhat via4
advisories
  • bugzilla
    id 1090976
    title CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment libxml2 is earlier than 0:2.7.6-14.el6_5.1
          oval oval:com.redhat.rhsa:tst:20140513005
        • comment libxml2 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111749006
      • AND
        • comment libxml2-devel is earlier than 0:2.7.6-14.el6_5.1
          oval oval:com.redhat.rhsa:tst:20140513007
        • comment libxml2-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111749012
      • AND
        • comment libxml2-python is earlier than 0:2.7.6-14.el6_5.1
          oval oval:com.redhat.rhsa:tst:20140513011
        • comment libxml2-python is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111749010
      • AND
        • comment libxml2-static is earlier than 0:2.7.6-14.el6_5.1
          oval oval:com.redhat.rhsa:tst:20140513009
        • comment libxml2-static is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111749008
    rhsa
    id RHSA-2014:0513
    released 2014-05-19
    severity Moderate
    title RHSA-2014:0513: libxml2 security update (Moderate)
  • bugzilla
    id 1090976
    title CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment libxml2 is earlier than 0:2.9.1-5.el7_1.2
          oval oval:com.redhat.rhsa:tst:20150749005
        • comment libxml2 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111749006
      • AND
        • comment libxml2-devel is earlier than 0:2.9.1-5.el7_1.2
          oval oval:com.redhat.rhsa:tst:20150749007
        • comment libxml2-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111749012
      • AND
        • comment libxml2-python is earlier than 0:2.9.1-5.el7_1.2
          oval oval:com.redhat.rhsa:tst:20150749009
        • comment libxml2-python is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111749010
      • AND
        • comment libxml2-static is earlier than 0:2.9.1-5.el7_1.2
          oval oval:com.redhat.rhsa:tst:20150749011
        • comment libxml2-static is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111749008
    rhsa
    id RHSA-2015:0749
    released 2015-03-30
    severity Moderate
    title RHSA-2015:0749: libxml2 security update (Moderate)
rpms
  • libxml2-0:2.7.6-14.el6_5.1
  • libxml2-devel-0:2.7.6-14.el6_5.1
  • libxml2-python-0:2.7.6-14.el6_5.1
  • libxml2-static-0:2.7.6-14.el6_5.1
  • libxml2-0:2.9.1-5.el7_1.2
  • libxml2-devel-0:2.9.1-5.el7_1.2
  • libxml2-python-0:2.9.1-5.el7_1.2
  • libxml2-static-0:2.9.1-5.el7_1.2
refmap via4
apple
  • APPLE-SA-2015-08-13-2
  • APPLE-SA-2015-08-13-3
bid 67233
confirm
suse openSUSE-SU-2015:2372
xf libxml2-cve20140191-dos(93092)
vmware via4
description libxml2 is updated to address multiple security issues
id VMSA-2014-0012
last_updated 2015-01-27T00:00:00
published 2014-12-04T00:00:00
title Update to ESXi libxml2 package
workaround None
Last major update 02-01-2017 - 21:59
Published 21-01-2015 - 09:59
Last modified 28-08-2017 - 21:34
Back to Top