The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 prior to 8.3.20, 8.4 prior to 8.4.13, 9.0 prior to 9.0.9, and 9.1 prior to 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue.
Vulnerable Product |
---|
postgresql postgresql |
opensuse opensuse 11.4 |
opensuse opensuse 12.2 |
opensuse opensuse 12.1 |
apple mac os x server 10.6.8 |
apple mac os x server |
canonical ubuntu linux 11.04 |
canonical ubuntu linux 11.10 |
canonical ubuntu linux 8.04 |
canonical ubuntu linux 10.04 |
canonical ubuntu linux 12.04 |
debian debian linux 6.0 |
redhat enterprise linux server 5.0 |
redhat enterprise linux workstation 5.0 |
redhat enterprise linux desktop 6.0 |
redhat enterprise linux server 6.0 |
redhat enterprise linux workstation 6.0 |
redhat enterprise linux desktop 5.0 |
redhat enterprise linux eus 6.3 |