cve-2012-0876
Vulnerability from cvelistv5
Published
2012-07-03 19:00
Modified
2024-08-06 18:38
Severity ?
Summary
The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.
References
secalert@redhat.comhttp://bugs.python.org/issue13703#msg151870Issue Tracking, Third Party Advisory
secalert@redhat.comhttp://lists.apple.com/archives/security-announce/2013/Oct/msg00004.htmlBroken Link, Mailing List
secalert@redhat.comhttp://lists.apple.com/archives/security-announce/2015/Dec/msg00005.htmlBroken Link, Mailing List
secalert@redhat.comhttp://mail.libexpat.org/pipermail/expat-discuss/2012-March/002768.htmlBroken Link
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2012-0731.htmlThird Party Advisory
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2016-0062.htmlThird Party Advisory
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2016-2957.htmlThird Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/49504Not Applicable
secalert@redhat.comhttp://secunia.com/advisories/51024Not Applicable
secalert@redhat.comhttp://secunia.com/advisories/51040Not Applicable
secalert@redhat.comhttp://sourceforge.net/projects/expat/files/expat/2.1.0/Release Notes, Third Party Advisory
secalert@redhat.comhttp://sourceforge.net/tracker/?func=detail&atid=110127&aid=3496608&group_id=10127Third Party Advisory
secalert@redhat.comhttp://www.debian.org/security/2012/dsa-2525Third Party Advisory
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2012:041Broken Link
secalert@redhat.comhttp://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.htmlThird Party Advisory
secalert@redhat.comhttp://www.securityfocus.com/bid/52379Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-1527-1Third Party Advisory
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-1613-1Third Party Advisory
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-1613-2Third Party Advisory
secalert@redhat.comhttps://kc.mcafee.com/corporate/index?page=content&id=SB10365Broken Link
secalert@redhat.comhttps://support.apple.com/HT205637Third Party Advisory
secalert@redhat.comhttps://www.tenable.com/security/tns-2016-20Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://bugs.python.org/issue13703#msg151870Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.htmlBroken Link, Mailing List
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.htmlBroken Link, Mailing List
af854a3a-2127-422b-91ae-364da2661108http://mail.libexpat.org/pipermail/expat-discuss/2012-March/002768.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-0731.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2016-0062.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2016-2957.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/49504Not Applicable
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51024Not Applicable
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51040Not Applicable
af854a3a-2127-422b-91ae-364da2661108http://sourceforge.net/projects/expat/files/expat/2.1.0/Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://sourceforge.net/tracker/?func=detail&atid=110127&aid=3496608&group_id=10127Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2012/dsa-2525Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2012:041Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/52379Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1527-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1613-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1613-2Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://kc.mcafee.com/corporate/index?page=content&id=SB10365Broken Link
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/HT205637Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.tenable.com/security/tns-2016-20Third Party Advisory
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:38:15.063Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "49504",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49504"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/tracker/?func=detail\u0026atid=110127\u0026aid=3496608\u0026group_id=10127"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-20"
          },
          {
            "name": "USN-1527-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1527-1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugs.python.org/issue13703#msg151870"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT205637"
          },
          {
            "name": "51040",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51040"
          },
          {
            "name": "RHSA-2012:0731",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0731.html"
          },
          {
            "name": "52379",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/52379"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/projects/expat/files/expat/2.1.0/"
          },
          {
            "name": "RHSA-2016:0062",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0062.html"
          },
          {
            "name": "APPLE-SA-2013-10-22-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
          },
          {
            "name": "APPLE-SA-2015-12-08-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html"
          },
          {
            "name": "DSA-2525",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2525"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
          },
          {
            "name": "MDVSA-2012:041",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:041"
          },
          {
            "name": "RHSA-2016:2957",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
          },
          {
            "name": "USN-1613-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1613-2"
          },
          {
            "name": "[Expat-discuss] 20120304 Announcement: Expat 2.1.0 Beta can be tested",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mail.libexpat.org/pipermail/expat-discuss/2012-March/002768.html"
          },
          {
            "name": "51024",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51024"
          },
          {
            "name": "USN-1613-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1613-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-03-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-31T07:06:47",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "49504",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49504"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/tracker/?func=detail\u0026atid=110127\u0026aid=3496608\u0026group_id=10127"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2016-20"
        },
        {
          "name": "USN-1527-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1527-1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugs.python.org/issue13703#msg151870"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT205637"
        },
        {
          "name": "51040",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51040"
        },
        {
          "name": "RHSA-2012:0731",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0731.html"
        },
        {
          "name": "52379",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/52379"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/projects/expat/files/expat/2.1.0/"
        },
        {
          "name": "RHSA-2016:0062",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0062.html"
        },
        {
          "name": "APPLE-SA-2013-10-22-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
        },
        {
          "name": "APPLE-SA-2015-12-08-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html"
        },
        {
          "name": "DSA-2525",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2525"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
        },
        {
          "name": "MDVSA-2012:041",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:041"
        },
        {
          "name": "RHSA-2016:2957",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
        },
        {
          "name": "USN-1613-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1613-2"
        },
        {
          "name": "[Expat-discuss] 20120304 Announcement: Expat 2.1.0 Beta can be tested",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mail.libexpat.org/pipermail/expat-discuss/2012-March/002768.html"
        },
        {
          "name": "51024",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51024"
        },
        {
          "name": "USN-1613-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1613-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-0876",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "49504",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/49504"
            },
            {
              "name": "http://sourceforge.net/tracker/?func=detail\u0026atid=110127\u0026aid=3496608\u0026group_id=10127",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/tracker/?func=detail\u0026atid=110127\u0026aid=3496608\u0026group_id=10127"
            },
            {
              "name": "https://www.tenable.com/security/tns-2016-20",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2016-20"
            },
            {
              "name": "USN-1527-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1527-1"
            },
            {
              "name": "http://bugs.python.org/issue13703#msg151870",
              "refsource": "MISC",
              "url": "http://bugs.python.org/issue13703#msg151870"
            },
            {
              "name": "https://support.apple.com/HT205637",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT205637"
            },
            {
              "name": "51040",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/51040"
            },
            {
              "name": "RHSA-2012:0731",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0731.html"
            },
            {
              "name": "52379",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/52379"
            },
            {
              "name": "http://sourceforge.net/projects/expat/files/expat/2.1.0/",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/projects/expat/files/expat/2.1.0/"
            },
            {
              "name": "RHSA-2016:0062",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0062.html"
            },
            {
              "name": "APPLE-SA-2013-10-22-3",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
            },
            {
              "name": "APPLE-SA-2015-12-08-3",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html"
            },
            {
              "name": "DSA-2525",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2525"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
            },
            {
              "name": "MDVSA-2012:041",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:041"
            },
            {
              "name": "RHSA-2016:2957",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
            },
            {
              "name": "USN-1613-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1613-2"
            },
            {
              "name": "[Expat-discuss] 20120304 Announcement: Expat 2.1.0 Beta can be tested",
              "refsource": "MLIST",
              "url": "http://mail.libexpat.org/pipermail/expat-discuss/2012-March/002768.html"
            },
            {
              "name": "51024",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/51024"
            },
            {
              "name": "USN-1613-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1613-1"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-0876",
    "datePublished": "2012-07-03T19:00:00",
    "dateReserved": "2012-01-19T00:00:00",
    "dateUpdated": "2024-08-06T18:38:15.063Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2012-0876\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2012-07-03T19:55:02.210\",\"lastModified\":\"2024-11-21T01:35:53.543\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.\"},{\"lang\":\"es\",\"value\":\"El analizador XML (xmlparse.c) en expat antes de v2.1.0 calcula los valores de hash sin restringir la capacidad de desencadenar colisiones hash de forma predecible, lo que permite causar una denegaci\u00f3n de servicio (por consumo de CPU) a atacantes dependientes de contexto a trav\u00e9s de un archivo XML con muchos identificadores con el mismo valor.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.1.0\",\"matchCriteriaId\":\"B435E8AA-8792-4F5A-9F06-203D998E1A32\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.6.0\",\"versionEndExcluding\":\"2.6.8\",\"matchCriteriaId\":\"6229588C-F7CC-4B5B-B3EF-88B5C8DFB989\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.7.0\",\"versionEndExcluding\":\"2.7.3\",\"matchCriteriaId\":\"B2AACE9B-4A26-436B-A75A-FE1AB98B7706\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.1.0\",\"versionEndExcluding\":\"3.1.5\",\"matchCriteriaId\":\"4267C919-3B32-46A1-8B95-514E0B721440\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.2.0\",\"versionEndExcluding\":\"3.2.3\",\"matchCriteriaId\":\"B1FCEF2B-A273-431E-819A-A5CE0F52A63C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"036E8A89-7A16-411F-9D31-676313BB7244\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16F59A04-14CF-49E2-9973-645477EA09DA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"7EBFE35C-E243-43D1-883D-4398D71763CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"01EDA41C-6B2E-49AF-B503-EB3882265C11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF49D26F-142E-468B-87C1-BABEA445255C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4174F4F-149E-41A6-BBCC-D01114C05F38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"CB66DB75-2B16-4EBF-9B93-CE49D8086E41\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79A602C5-61FE-47BA-9786-F045B6C6DBA8\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:storage:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52B90A04-DD6D-4AE7-A0E5-6B381127D507\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"133AAFA7-AF42-4D7B-8822-AA2E85611BF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0554C89-3716-49F3-BFAE-E008D5E4E29C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"54D669D4-6D7E-449D-80C1-28FA44F06FFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBCD86A-E6C7-4444-9D74-F861084090F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD6D0378-F0F4-4AAA-80AF-8287C790EC96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0AC5CD5-6E58-433C-9EB3-6DFE5656463E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"}]}]}],\"references\":[{\"url\":\"http://bugs.python.org/issue13703#msg151870\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\",\"Mailing List\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\",\"Mailing List\"]},{\"url\":\"http://mail.libexpat.org/pipermail/expat-discuss/2012-March/002768.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-0731.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-0062.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2957.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/49504\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/51024\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/51040\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://sourceforge.net/projects/expat/files/expat/2.1.0/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"http://sourceforge.net/tracker/?func=detail\u0026atid=110127\u0026aid=3496608\u0026group_id=10127\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2012/dsa-2525\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2012:041\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/52379\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-1527-1\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-1613-1\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-1613-2\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://support.apple.com/HT205637\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2016-20\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://bugs.python.org/issue13703#msg151870\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Mailing List\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Mailing List\"]},{\"url\":\"http://mail.libexpat.org/pipermail/expat-discuss/2012-March/002768.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-0731.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-0062.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2957.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/49504\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/51024\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/51040\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://sourceforge.net/projects/expat/files/expat/2.1.0/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"http://sourceforge.net/tracker/?func=detail\u0026atid=110127\u0026aid=3496608\u0026group_id=10127\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2012/dsa-2525\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2012:041\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/52379\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-1527-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-1613-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-1613-2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://support.apple.com/HT205637\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2016-20\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.