CVE-2016-9180

Published: 22/12/2016 Updated: 14/08/2020
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9
VMScore: 570
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Vulnerability Summary

perl-XML-Twig: The `expand_external_ents` option, documented as controlling external entity expansion in XML::Twig, does not work. External entities are always expanded, regardless of the option's setting.

Vulnerable Product

xmltwig xml-twig for perl -

Vendor Advisories

Debian Bug report logs - #842893
libxml-twig-perl: CVE-2016-9180: expand_external_ents fails to work as documented
Package: src:libxml-twig-perl; Maintainer for src:libxml-twig-perl is Bart Martens <bartm@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 2 Nov 2016 06:09:01 UTC
Severity: ...

A vulnerability was found in perl-XML-Twig. External entity expansion (XXE) took place regardless of the setting 'expand_external_ents', which was supposed to disable this functionality if set to 0 (the default) or -1. An attacker could craft an XML message which, when processed by an application using perl-XML-Twig, could cause denial of service o ...