libxml2 2.9.4 and previous versions, as used in XMLSec 1.2.23 and previous versions and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote malicious users to conduct XML External Entity (XXE) attacks via a crafted document.

Vulnerable Product |
---|
xmlsoft libxml2 |
canonical ubuntu linux 12.04 |
canonical ubuntu linux 14.04 |
canonical ubuntu linux 16.04 |
canonical ubuntu linux 18.04 |