ID CVE-2016-9318
Summary libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.
References
Vulnerable Configurations
  • XMLSoft Libxml2 2.9.4
    cpe:2.3:a:xmlsoft:libxml2:2.9.4
  • cpe:2.3:a:aleksey:xml_security_library:1.2.23
    cpe:2.3:a:aleksey:xml_security_library:1.2.23
CVSS
Base: 6.8 (as of 29-11-2016 - 12:02)
Impact:
Exploitability:
CWE CWE-611
CAPEC
Access
  Vector: NETWORK
  Complexity: MEDIUM
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-0380-1.NASL
    description This update for libxml2 fixes the following issues : - CVE-2016-4658: use-after-free error could lead to crash [bsc#1005544] - Fix NULL dereference in xpointer.c when in recovery mode [bsc#1014873] - CVE-2016-9597: An XML document with many opening tags could have caused an overflow of the stack not detected by the recursion limits, allowing for DoS (bsc#1017497). For CVE-2016-9318 we decided not to ship a fix since it can break existing setups. Please take appropriate actions if you parse untrusted XML files and use the new -noxxe flag if possible (bnc#1010675, bnc#1013930). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-07-31
    plugin id 97015
    published 2017-02-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97015
    title SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2017:0380-1)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1070.NASL
    description According to the version of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document. (CVE-2016-9318) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-08-10
    plugin id 99936
    published 2017-05-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99936
    title EulerOS 2.0 SP2 : libxml2 (EulerOS-SA-2017-1070)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-A3A47973EB.NASL
    description Update to latest upstream release, includes several security related fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2017-04-20
    plugin id 99491
    published 2017-04-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99491
    title Fedora 25 : libxml2 (2017-a3a47973eb)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-0164-1.NASL
    description This update for libxml2 fixes the following issues : - CVE-2016-9318: libxml2 did not offer a flag directly indicating that the current document may be read but other files may not be opened, which made it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document (bsc#1010675). - Prevent NULL dereference in xpointer.c and xmlDumpElementContent, and infinite recursion in xmlParseConditionalSections when in recovery mode (bnc#1014873) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-07-31
    plugin id 96566
    published 2017-01-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96566
    title SUSE SLES11 Security Update : libxml2 (SUSE-SU-2017:0164-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-BE8574D593.NASL
    description Update to latest upstream release, includes several security related fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2017-04-20
    plugin id 99492
    published 2017-04-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99492
    title Fedora 24 : libxml2 (2017-be8574d593)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1069.NASL
    description According to the version of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document. (CVE-2016-9318) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-08-10
    plugin id 99916
    published 2017-05-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99916
    title EulerOS 2.0 SP1 : libxml2 (EulerOS-SA-2017-1069)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1366-1.NASL
    description This update for libxml2 fixes the following issues : - Fix NULL dereference in xpointer.c when in recovery mode [bsc#1014873] - CVE-2016-9597: An XML document with many opening tags could have caused an overflow of the stack not detected by the recursion limits, allowing for DoS (bsc#1017497) - CVE-2014-0191: External parameter entity loaded when entity substitution is disabled could cause a DoS. (bsc#876652) - CVE-2016-9318: XML External Entity (XXE) could be abused via crafted document. (bsc#1010675) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-07-31
    plugin id 100352
    published 2017-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100352
    title SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2017:1366-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201711-01.NASL
    description The remote host is affected by the vulnerability described in GLSA-201711-01 (libxml2: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. Impact : A remote attacker, by enticing a user to process a specially crafted XML document, could remotely execute arbitrary code, conduct XML External Entity (XXE) attacks, or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2018-09-01
    modified 2018-03-27
    plugin id 104492
    published 2017-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104492
    title GLSA-201711-01 : libxml2: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1557-1.NASL
    description This update for libxml2 fixes the following issues: Security issues fixed : - CVE-2017-9050: heap-based buffer overflow (xmlDictAddString func) [bsc#1039069, bsc#1039661] - CVE-2017-9049: heap-based buffer overflow (xmlDictComputeFastKey func) [bsc#1039066] - CVE-2017-9048: stack overflow vulnerability (xmlSnprintfElementContent func) [bsc#1039063] - CVE-2017-9047: stack overflow vulnerability (xmlSnprintfElementContent func) [bsc#1039064] A clarification for the previously released update: For CVE-2016-9318 we decided not to ship a fix since it can break existing setups. Please take appropriate actions if you parse untrusted XML files and use the new -noxxe flag if possible (bnc#1010675, bnc#1013930). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-02
    modified 2018-07-31
    plugin id 100780
    published 2017-06-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100780
    title SUSE SLES11 Security Update : libxml2 (SUSE-SU-2017:1557-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-244.NASL
    description This update for libxml2 fixes the following issues : - CVE-2016-4658: use-after-free error could lead to crash [bsc#1005544] - Fix NULL dereference in xpointer.c when in recovery mode [bsc#1014873] - CVE-2016-9597: An XML document with many opening tags could have caused an overflow of the stack not detected by the recursion limits, allowing for DoS (bsc#1017497). For CVE-2016-9318 we decided not to ship a fix since it can break existing setups. Please take appropriate actions if you parse untrusted XML files and use the new -noxxe flag if possible (bnc#1010675, bnc#1013930). This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen 2018-09-01
    modified 2017-02-13
    plugin id 97116
    published 2017-02-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97116
    title openSUSE Security Update : libxml2 (openSUSE-2017-244)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2017-0001.NASL
    description An update of [openssh,linux,libxml2] packages for PhotonOS has been released.
    last seen 2018-09-19
    modified 2018-09-17
    plugin id 111850
    published 2018-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111850
    title Photon OS 1.0: Libxml2 / Linux / Openssh PHSA-2017-0001
refmap via4
bid 94347
gentoo GLSA-201711-01
misc
ubuntu
  • USN-3739-1
  • USN-3739-2
Last major update 29-11-2016 - 13:02
Published 15-11-2016 - 19:59
Last modified 15-08-2018 - 06:29