CVE-2013-0340

Published: 21/01/2014 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 606
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

expat 2.1.0 and previous versions do not properly handle entity expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote malicious users to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.

Vulnerable Product

libexpat project libexpat

python python

apple ipados

apple iphone os

apple macos

apple watchos

apple tvos

Vendor Advisories

Debian Bug report logs - #1001864
expat: CVE-2013-0340
Package: expat; Maintainer for expat is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Source for expat is src:expat
Reported by: "Devalla, Manoj Raj" <ManojRajDevalla@Cerner.com>
Date: Fri, 17 Dec 2021 22:36:02 UTC
Severity: important
Tags: s ...

Mailing Lists

Full Disclosure mailing list archives: APPLE-SA-2021-10-26-10 Additional information for APPLE-SA-2021-09-20-2 watchOS 8 ...
Full Disclosure mailing list archives: APPLE-SA-2021-10-26-9 Additional information for APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15 ...
Full Disclosure mailing list archives: APPLE-SA-2021-09-20-2 watchOS 8 From: product-security-noreply- ...
Full Disclosure mailing list archives: APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15 From: product-securi ...

Github Repositories

Build a local copy of Security Tracker. Notify via E-mail/Slack if there is an update.

gost (go-security-tracker): gost builds a local copy of Security Tracker (Redhat/Debian/Ubuntu/Microsoft). After you register CVEs to the watch list, gost notifies via E-mail/Slack if there is an update. The pronunciation of gost is the same as the English word "ghost".