CVE-2013-1665

Published: 03/04/2013 Updated: 15/05/2013
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products, allow remote malicious users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.

Vulnerable Product

openstack folsom -

openstack keystone essex -

Vendor Advisories

Debian Bug report logs - #701186 python-django: CVE-2013-0305 CVE-2013-0306. Package: python-django; Maintainer for python-django is Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>; Source for python-django is src:python-django (PTS, buildd, popcon). Reported by: Moritz Muehlenhoff <jmm@inutil.org ...
Debian Bug report logs - #700948 keystone: CVE-2013-1664 (DoS in xml entity parsing) and CVE-2013-1665 (information leak via xml entity parsing). Package: keystone; Maintainer for keystone is Debian OpenStack <team+openstack@tracker.debian.org>; Source for keystone is src:keystone (PTS, buildd, popcon). Reported by: Thomas Goi ...
Several security issues were fixed in Django ...
Keystone could be made to crash or expose sensitive information over the network ...
Synopsis: Moderate: openstack-cinder security and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: Updated openstack-cinder packages that fix two security issues and add one enhancement are now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as ...
Synopsis: Moderate: openstack-keystone security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: Updated openstack-keystone packages that fix multiple security issues, various bugs, and add enhancements are now available for Red Hat OpenStack Folsom. The Red Hat Security Response ...
Synopsis: Moderate: openstack-nova security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: Updated openstack-nova packages that fix two security issues, several bugs, and add an enhancement are now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has ...
Synopsis: Moderate: Django security update. Type/Severity: Security Advisory: Moderate. Topic: Updated Django packages that fix multiple security issues are now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability S ...