ID CVE-2014-3660
Summary parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack.
References
Vulnerable Configurations
  • XMLSoft Libxml2 2.8.0
    cpe:2.3:a:xmlsoft:libxml2:2.8.0
  • XMLSoft Libxml2 2.0.0
    cpe:2.3:a:xmlsoft:libxml2:2.0.0
  • XMLSoft Libxml2 2.1.0
    cpe:2.3:a:xmlsoft:libxml2:2.1.0
  • XMLSoft Libxml2 2.1.1
    cpe:2.3:a:xmlsoft:libxml2:2.1.1
  • XMLSoft Libxml2 2.2.0
    cpe:2.3:a:xmlsoft:libxml2:2.2.0
  • XMLSoft Libxml2 2.2.0 beta
    cpe:2.3:a:xmlsoft:libxml2:2.2.0:beta
  • XMLSoft Libxml2 2.2.1
    cpe:2.3:a:xmlsoft:libxml2:2.2.1
  • XMLSoft Libxml2 2.2.10
    cpe:2.3:a:xmlsoft:libxml2:2.2.10
  • XMLSoft Libxml2 2.2.11
    cpe:2.3:a:xmlsoft:libxml2:2.2.11
  • XMLSoft Libxml2 2.2.2
    cpe:2.3:a:xmlsoft:libxml2:2.2.2
  • XMLSoft Libxml2 2.2.3
    cpe:2.3:a:xmlsoft:libxml2:2.2.3
  • XMLSoft Libxml2 2.2.4
    cpe:2.3:a:xmlsoft:libxml2:2.2.4
  • XMLSoft Libxml2 2.2.5
    cpe:2.3:a:xmlsoft:libxml2:2.2.5
  • XMLSoft Libxml2 2.2.6
    cpe:2.3:a:xmlsoft:libxml2:2.2.6
  • XMLSoft Libxml2 2.2.7
    cpe:2.3:a:xmlsoft:libxml2:2.2.7
  • XMLSoft Libxml2 2.2.8
    cpe:2.3:a:xmlsoft:libxml2:2.2.8
  • XMLSoft Libxml2 2.2.9
    cpe:2.3:a:xmlsoft:libxml2:2.2.9
  • XMLSoft Libxml2 2.3.0
    cpe:2.3:a:xmlsoft:libxml2:2.3.0
  • XMLSoft Libxml2 2.3.1
    cpe:2.3:a:xmlsoft:libxml2:2.3.1
  • XMLSoft Libxml2 2.3.10
    cpe:2.3:a:xmlsoft:libxml2:2.3.10
  • XMLSoft Libxml2 2.3.11
    cpe:2.3:a:xmlsoft:libxml2:2.3.11
  • XMLSoft Libxml2 2.3.12
    cpe:2.3:a:xmlsoft:libxml2:2.3.12
  • XMLSoft Libxml2 2.3.13
    cpe:2.3:a:xmlsoft:libxml2:2.3.13
  • XMLSoft Libxml2 2.3.14
    cpe:2.3:a:xmlsoft:libxml2:2.3.14
  • XMLSoft Libxml2 2.3.2
    cpe:2.3:a:xmlsoft:libxml2:2.3.2
  • XMLSoft Libxml2 2.3.3
    cpe:2.3:a:xmlsoft:libxml2:2.3.3
  • XMLSoft Libxml2 2.3.4
    cpe:2.3:a:xmlsoft:libxml2:2.3.4
  • XMLSoft Libxml2 2.3.5
    cpe:2.3:a:xmlsoft:libxml2:2.3.5
  • XMLSoft Libxml2 2.3.6
    cpe:2.3:a:xmlsoft:libxml2:2.3.6
  • XMLSoft Libxml2 2.3.7
    cpe:2.3:a:xmlsoft:libxml2:2.3.7
  • XMLSoft Libxml2 2.3.8
    cpe:2.3:a:xmlsoft:libxml2:2.3.8
  • XMLSoft Libxml2 2.3.9
    cpe:2.3:a:xmlsoft:libxml2:2.3.9
  • XMLSoft Libxml2 2.4.1
    cpe:2.3:a:xmlsoft:libxml2:2.4.1
  • XMLSoft Libxml2 2.4.10
    cpe:2.3:a:xmlsoft:libxml2:2.4.10
  • XMLSoft Libxml2 2.4.11
    cpe:2.3:a:xmlsoft:libxml2:2.4.11
  • XMLSoft Libxml2 2.4.12
    cpe:2.3:a:xmlsoft:libxml2:2.4.12
  • XMLSoft Libxml2 2.4.13
    cpe:2.3:a:xmlsoft:libxml2:2.4.13
  • XMLSoft Libxml2 2.4.14
    cpe:2.3:a:xmlsoft:libxml2:2.4.14
  • XMLSoft Libxml2 2.4.15
    cpe:2.3:a:xmlsoft:libxml2:2.4.15
  • XMLSoft Libxml2 2.4.16
    cpe:2.3:a:xmlsoft:libxml2:2.4.16
  • XMLSoft Libxml2 2.4.17
    cpe:2.3:a:xmlsoft:libxml2:2.4.17
  • XMLSoft Libxml2 2.4.18
    cpe:2.3:a:xmlsoft:libxml2:2.4.18
  • XMLSoft Libxml2 2.4.19
    cpe:2.3:a:xmlsoft:libxml2:2.4.19
  • XMLSoft Libxml2 2.4.2
    cpe:2.3:a:xmlsoft:libxml2:2.4.2
  • XMLSoft Libxml2 2.4.20
    cpe:2.3:a:xmlsoft:libxml2:2.4.20
  • XMLSoft Libxml2 2.4.21
    cpe:2.3:a:xmlsoft:libxml2:2.4.21
  • XMLSoft Libxml2 2.4.22
    cpe:2.3:a:xmlsoft:libxml2:2.4.22
  • XMLSoft Libxml2 2.4.23
    cpe:2.3:a:xmlsoft:libxml2:2.4.23
  • XMLSoft Libxml2 2.4.24
    cpe:2.3:a:xmlsoft:libxml2:2.4.24
  • XMLSoft Libxml2 2.4.25
    cpe:2.3:a:xmlsoft:libxml2:2.4.25
  • XMLSoft Libxml2 2.4.26
    cpe:2.3:a:xmlsoft:libxml2:2.4.26
  • XMLSoft Libxml2 2.4.27
    cpe:2.3:a:xmlsoft:libxml2:2.4.27
  • XMLSoft Libxml2 2.4.28
    cpe:2.3:a:xmlsoft:libxml2:2.4.28
  • XMLSoft Libxml2 2.4.29
    cpe:2.3:a:xmlsoft:libxml2:2.4.29
  • XMLSoft Libxml2 2.4.3
    cpe:2.3:a:xmlsoft:libxml2:2.4.3
  • XMLSoft Libxml2 2.4.30
    cpe:2.3:a:xmlsoft:libxml2:2.4.30
  • XMLSoft Libxml2 2.4.4
    cpe:2.3:a:xmlsoft:libxml2:2.4.4
  • XMLSoft Libxml2 2.4.5
    cpe:2.3:a:xmlsoft:libxml2:2.4.5
  • XMLSoft Libxml2 2.4.6
    cpe:2.3:a:xmlsoft:libxml2:2.4.6
  • XMLSoft Libxml2 2.4.7
    cpe:2.3:a:xmlsoft:libxml2:2.4.7
  • XMLSoft Libxml2 2.4.8
    cpe:2.3:a:xmlsoft:libxml2:2.4.8
  • XMLSoft Libxml2 2.4.9
    cpe:2.3:a:xmlsoft:libxml2:2.4.9
  • XMLSoft Libxml2 2.5.0
    cpe:2.3:a:xmlsoft:libxml2:2.5.0
  • Xmlsoft Libxml2 2.5.10
    cpe:2.3:a:xmlsoft:libxml2:2.5.10
  • XMLSoft Libxml2 2.5.11
    cpe:2.3:a:xmlsoft:libxml2:2.5.11
  • XMLSoft Libxml2 2.5.4
    cpe:2.3:a:xmlsoft:libxml2:2.5.4
  • XMLSoft Libxml2 2.5.7
    cpe:2.3:a:xmlsoft:libxml2:2.5.7
  • XMLSoft Libxml2 2.5.8
    cpe:2.3:a:xmlsoft:libxml2:2.5.8
  • XMLSoft Libxml2 2.6.0
    cpe:2.3:a:xmlsoft:libxml2:2.6.0
  • XMLSoft Libxml2 2.6.1
    cpe:2.3:a:xmlsoft:libxml2:2.6.1
  • XMLSoft Libxml2 2.6.11
    cpe:2.3:a:xmlsoft:libxml2:2.6.11
  • XMLSoft Libxml2 2.6.12
    cpe:2.3:a:xmlsoft:libxml2:2.6.12
  • XMLSoft Libxml2 2.6.13
    cpe:2.3:a:xmlsoft:libxml2:2.6.13
  • XMLSoft Libxml2 2.6.14
    cpe:2.3:a:xmlsoft:libxml2:2.6.14
  • Xmlsoft Libxml2 2.6.16
    cpe:2.3:a:xmlsoft:libxml2:2.6.16
  • XMLSoft Libxml2 2.6.17
    cpe:2.3:a:xmlsoft:libxml2:2.6.17
  • XMLSoft Libxml2 2.6.18
    cpe:2.3:a:xmlsoft:libxml2:2.6.18
  • XMLSoft Libxml2 2.6.2
    cpe:2.3:a:xmlsoft:libxml2:2.6.2
  • XMLSoft Libxml2 2.6.20
    cpe:2.3:a:xmlsoft:libxml2:2.6.20
  • XMLSoft Libxml2 2.6.21
    cpe:2.3:a:xmlsoft:libxml2:2.6.21
  • XMLSoft Libxml2 2.6.22
    cpe:2.3:a:xmlsoft:libxml2:2.6.22
  • XMLSoft Libxml2 2.6.23
    cpe:2.3:a:xmlsoft:libxml2:2.6.23
  • XMLSoft Libxml2 2.6.24
    cpe:2.3:a:xmlsoft:libxml2:2.6.24
  • XMLSoft Libxml2 2.6.25
    cpe:2.3:a:xmlsoft:libxml2:2.6.25
  • XMLSoft Libxml2 2.6.26
    cpe:2.3:a:xmlsoft:libxml2:2.6.26
  • XMLSoft Libxml2 2.6.27
    cpe:2.3:a:xmlsoft:libxml2:2.6.27
  • XMLSoft Libxml2 2.6.28
    cpe:2.3:a:xmlsoft:libxml2:2.6.28
  • XMLSoft Libxml2 2.6.29
    cpe:2.3:a:xmlsoft:libxml2:2.6.29
  • XMLSoft Libxml2 2.6.3
    cpe:2.3:a:xmlsoft:libxml2:2.6.3
  • XMLSoft Libxml2 2.6.30
    cpe:2.3:a:xmlsoft:libxml2:2.6.30
  • XMLSoft Libxml2 2.6.31
    cpe:2.3:a:xmlsoft:libxml2:2.6.31
  • XMLSoft Libxml2 2.6.32
    cpe:2.3:a:xmlsoft:libxml2:2.6.32
  • XMLSoft Libxml2 2.6.4
    cpe:2.3:a:xmlsoft:libxml2:2.6.4
  • XMLSoft Libxml2 2.6.5
    cpe:2.3:a:xmlsoft:libxml2:2.6.5
  • XMLSoft Libxml2 2.6.6
    cpe:2.3:a:xmlsoft:libxml2:2.6.6
  • XMLSoft Libxml2 2.6.7
    cpe:2.3:a:xmlsoft:libxml2:2.6.7
  • XMLSoft Libxml2 2.6.8
    cpe:2.3:a:xmlsoft:libxml2:2.6.8
  • XMLSoft Libxml2 2.6.9
    cpe:2.3:a:xmlsoft:libxml2:2.6.9
  • XMLSoft Libxml2 2.7.0
    cpe:2.3:a:xmlsoft:libxml2:2.7.0
  • XMLSoft Libxml2 2.7.1
    cpe:2.3:a:xmlsoft:libxml2:2.7.1
  • XMLSoft Libxml2 2.7.2
    cpe:2.3:a:xmlsoft:libxml2:2.7.2
  • XMLSoft Libxml2 2.7.3
    cpe:2.3:a:xmlsoft:libxml2:2.7.3
  • XMLSoft Libxml2 2.7.4
    cpe:2.3:a:xmlsoft:libxml2:2.7.4
  • XMLSoft Libxml2 2.7.5
    cpe:2.3:a:xmlsoft:libxml2:2.7.5
  • XMLSoft Libxml2 2.7.6
    cpe:2.3:a:xmlsoft:libxml2:2.7.6
  • XMLSoft Libxml2 2.7.7
    cpe:2.3:a:xmlsoft:libxml2:2.7.7
  • XMLSoft Libxml2 2.7.8
    cpe:2.3:a:xmlsoft:libxml2:2.7.8
  • XMLSoft Libxml2 2.9.0
    cpe:2.3:a:xmlsoft:libxml2:2.9.0
  • XMLSoft Libxml2 2.9.0 release candidate 1
    cpe:2.3:a:xmlsoft:libxml2:2.9.0:rc1
  • XMLSoft Libxml2 2.9.1
    cpe:2.3:a:xmlsoft:libxml2:2.9.1
  • Debian Linux 7.0
    cpe:2.3:o:debian:debian_linux:7.0
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 12.04 LTS
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:-:-:lts
  • Canonical Ubuntu Linux 10.04 LTS
    cpe:2.3:o:canonical:ubuntu_linux:10.04:-:-:-:lts
  • Apple Mac OS X 10.10.4
    cpe:2.3:o:apple:mac_os_x:10.10.4
  • Red Hat Enterprise Linux 5.0
    cpe:2.3:o:redhat:enterprise_linux:5.0
CVSS
Base: 5.0 (as of 05-05-2016 - 11:29)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2015-0097.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball - CVE-2015-1819 Enforce the reader to run in constant memory(rhbz#1214163) - Stop parsing on entities boundaries errors - Fix missing entities after CVE-2014-3660 fix (rhbz#1149086) - CVE-2014-3660 denial of service via recursive entity expansion (rhbz#1149086) - Fix html serialization error and htmlSetMetaEncoding (rhbz#1004513)
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 85138
    published 2015-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85138
    title OracleVM 3.3 : libxml2 (OVMSA-2015-0097)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-151.NASL
    description It was discovered that the update released for libxml2 in DSA 2978 fixing CVE-2014-0191 was incomplete. This caused libxml2 to still fetch external entities regardless of whether entity substitution or validation is enabled. In addition, this update addresses a regression introduced in DSA 3057 by the patch fixing CVE-2014-3660. This caused libxml2 to not parse an entity when it's used first in another entity referenced from an attribute value. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 82134
    published 2015-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82134
    title Debian DLA-151-1 : libxml2 security update
  • NASL family Misc.
    NASL id APPLETV_7_2_1.NASL
    description According to its banner, the remote Apple TV device is a version prior to 7.2.1. It is, therefore, affected by multiple vulnerabilities in the following components : - bootp - CFPreferences - CloudKit - Code Signing - CoreMedia Playback - CoreText - DiskImages - FontParser - ImageIO - IOHIDFamily - IOKit - Kernel - Libc - Libinfo - libpthread - libxml2 - libxpc - libxslt - Location Framework - Office Viewer - QL Office - Sandbox_profiles - WebKit
    last seen 2019-02-21
    modified 2018-12-14
    plugin id 90315
    published 2016-04-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90315
    title Apple TV < 7.2.1 Multiple Vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1885.NASL
    description Updated libxml2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libxml2 library is a development toolbox providing the implementation of various XML standards. A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption (denial of service) based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior. (CVE-2014-3660) All libxml2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 79380
    published 2014-11-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79380
    title RHEL 5 : libxml2 (RHSA-2014:1885)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-1885.NASL
    description From Red Hat Security Advisory 2014:1885 : Updated libxml2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libxml2 library is a development toolbox providing the implementation of various XML standards. A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption (denial of service) based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior. (CVE-2014-3660) All libxml2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 79373
    published 2014-11-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79373
    title Oracle Linux 5 : libxml2 (ELSA-2014-1885)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2016-0063.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Add libxml2-enterprise.patch - Replaced doc/redhat.gif in tarball with updated image - CVE-2014-3660 denial of service via recursive entity expansion (rhbz#1161841) - fixed one regexp bug and added a (rhbz#922450) - Another small change on the algorithm for the elimination of epsilon (rhbz#922450) - detect and stop excessive entities expansion upon replacement (rhbz#912573) - fix validation issues with some XSD (rhbz#877348) - xmlDOMWrapCloneNode discards namespace of the node parameter (rhbz#884707)
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 91745
    published 2016-06-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91745
    title OracleVM 3.2 : libxml2 (OVMSA-2016-0063)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-959.NASL
    description - update to 2.9.3 - full changelog: http://www.xmlsoft.org/news.html - fixed CVEs: CVE-2015-8242, CVE-2015-7500, CVE-2015-7499, CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-8035, CVE-2015-7942, CVE-2015-1819, CVE-2015-7941, CVE-2014-3660, CVE-2014-0191, CVE-2015-8241, CVE-2015-8317 - fixed bugs: [bsc#928193], [bsc#951734], [bsc#951735], [bsc#954429], [bsc#956018], [bsc#956021], [bsc#956260], [bsc#957105], [bsc#957106], [bsc#957107], [bsc#957109], [bsc#957110]
    last seen 2019-02-21
    modified 2016-05-16
    plugin id 87631
    published 2015-12-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87631
    title openSUSE Security Update : libxml2 (openSUSE-2015-959)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2014-0031.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball - CVE-2014-3660 denial of service via recursive entity expansion (rhbz#1149085) - Fix a set of regressions introduced in CVE-2014-0191 (rhbz#1105011) - Improve handling of xmlStopParser(CVE-2013-2877) - Do not fetch external parameter entities (CVE-2014-0191) - Fix a regression in 2.9.0 breaking validation while streaming (rhbz#863166) - detect and stop excessive entities expansion upon replacement (rhbz#912575)
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 79546
    published 2014-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79546
    title OracleVM 3.3 : libxml2 (OVMSA-2014-0031)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2015-0001.NASL
    description a. VMware ESXi, Workstation, Player, and Fusion host privilege escalation vulnerability VMware ESXi, Workstation, Player and Fusion contain an arbitrary file write issue. Exploitation this issue may allow for privilege escalation on the host. The vulnerability does not allow for privilege escalation from the guest Operating System to the host or vice-versa. This means that host memory can not be manipulated from the Guest Operating System. Mitigation For ESXi to be affected, permissions must have been added to ESXi (or a vCenter Server managing it) for a virtual machine administrator role or greater. VMware would like to thank Shanon Olsson for reporting this issue to us through JPCERT. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2014-8370 to this issue. b. VMware Workstation, Player, and Fusion Denial of Service vulnerability VMware Workstation, Player, and Fusion contain an input validation issue in the Host Guest File System (HGFS). This issue may allow for a Denial of Service of the Guest Operating system. VMware would like to thank Peter Kamensky from Digital Security for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2015-1043 to this issue. c. VMware ESXi, Workstation, and Player Denial of Service vulnerability VMware ESXi, Workstation, and Player contain an input validation issue in VMware Authorization process (vmware-authd). This issue may allow for a Denial of Service of the host. On VMware ESXi and on Workstation running on Linux the Denial of Service would be partial. VMware would like to thank Dmitry Yudin @ret5et for reporting this issue to us through HP's Zero Day Initiative. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2015-1044 to this issue. d. Update to VMware vCenter Server and ESXi for OpenSSL 1.0.1 and 0.9.8 package The OpenSSL library is updated to version 1.0.1j or 0.9.8zc to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2014-3513, CVE-2014-3567, CVE-2014-3566 (ìPOODLEî) and CVE-2014-3568 to these issues. e. Update to ESXi libxml2 package The libxml2 library is updated to version libxml2-2.7.6-17 to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-3660 to this issue.
    last seen 2019-02-21
    modified 2018-09-06
    plugin id 81079
    published 2015-