CVE-2018-12471 - A External Entity Reference ('XXE') vulnerability in SUSE Linux SMT allows remote attackers to read

CVE-2018-12471

Summary

A External Entity Reference ('XXE') vulnerability in SUSE Linux SMT allows remote attackers to read data from the server or cause DoS by referencing blocking elements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.

References

https://bugzilla.suse.com/show_bug.cgi?id=1103809

Vulnerable Configurations

cpe:2.3:a:suse:subscription_management_tool:0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:0.0.4:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:0.0.4:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:0.0.5:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:0.0.5:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:0.0.6:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:0.0.6:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:0.0.7:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:0.0.7:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:0.0.8:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:0.0.8:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:0.0.9:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:0.0.9:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:0.0.10:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:0.0.10:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:0.0.14:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:0.0.14:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:0.0.15:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:0.0.15:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:0.0.16:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:0.0.16:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:0.0.17:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:0.0.17:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:0.0.18:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:0.0.18:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.0.9:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.0.9:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.0.10:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.0.10:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.0.11:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.0.11:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.0.17:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.0.17:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.0.18:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.0.18:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.7:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.7:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.8:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.8:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.9:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.9:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.10:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.10:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.12:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.12:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.13:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.13:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.14:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.14:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.15:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.15:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.16:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.16:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.17:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.17:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.18:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.18:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.19:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.19:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.20:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.20:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.21:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.21:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.22:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.22:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.23:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.23:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.24:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.24:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.25:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.25:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.26:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.1.26:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.0.16:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.0.16:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.0.17:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.0.17:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.0.18:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.0.18:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.0.31:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.0.31:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.13.0:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.13.0:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.13.1:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.13.1:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.13.2:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.13.2:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.13.4:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.13.4:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.13.5:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.13.5:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.13.6:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.13.6:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.13.7:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.13.7:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.13.8:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.13.8:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.13.9:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.13.9:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.13.10:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.13.10:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.13.11:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.13.11:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.13.12:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.13.12:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.13.13:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.13.13:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.13.14:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.13.14:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.13.15:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.13.15:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.13.16:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.13.16:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.13.17:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.13.17:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.13.18:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.13.18:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.13.19:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.13.19:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.13.20:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.13.20:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.17.0:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.17.0:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.17.1:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.17.1:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.17.2:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.17.2:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.17.3:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.17.3:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.17.4:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.17.4:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.17.5:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.17.5:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.17.6:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.17.6:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.17.7:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.17.7:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.17.8:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.17.8:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.17.9:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.17.9:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.17.10:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.17.10:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.17.11:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.17.11:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.17.12:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.17.12:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.17.13:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.17.13:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.17.14:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.17.14:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.17.15:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.17.15:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.17.16:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.17.16:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.17.17:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.17.17:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.17.18:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.17.18:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.17.19:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.17.19:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.17.20:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:2.17.20:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:3.0.8:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:3.0.8:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:3.0.9:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:3.0.9:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:3.0.11:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:3.0.11:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:3.0.29:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:3.0.29:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:3.0.30:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:3.0.30:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:3.0.31:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:3.0.31:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:3.0.32:*:*:*:*:*:*:*
cpe:2.3:a:suse:subscription_management_tool:3.0.32:*:*:*:*:*:*:*

CVSS

Base:	6.4 (as of 09-10-2019 - 23:33)
Impact:
Exploitability:

CWE

CWE-611

CAPEC

XML External Entities Blowup
This attack takes advantage of the entity replacement property of XML where the value of the replacement is a URI. A well-crafted XML document could have the entity refer to a URI that consumes a large amount of resources to create a denial of service condition. This can cause the system to either freeze, crash, or execute arbitrary code depending on the URI.

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:P

refmap via4

confirm

https://bugzilla.suse.com/show_bug.cgi?id=1103809

Last major update

09-10-2019 - 23:33

Published

04-10-2018 - 14:29

Last modified

09-10-2019 - 23:33