Russian Vulnerability Scanner Database

Back to List

CVE-2008-3281

Scores

EPSS

0.008very_low0.8%
0%20%40%60%80%100%

Percentile: 0.8%

CVSS

6.5medium3.x
0246810

CVSS Score: 6.5/10

All CVSS Scores

CVSS 3.x
6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVSS 2.0
4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Description

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

debiannvdredhatubuntu

CWEs

CWE-776

Related Vulnerabilities

BDU:2015-09349

Exploits

Exploit ID: 32454

Source: exploitdb

URL: https://www.exploit-db.com/exploits/32454

Exploit ID: 8798

Source: exploitdb

URL: https://www.exploit-db.com/exploits/8798

Recommendations

Source: nvd

Before applying this update, make sure that all previously-releasederrata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to usethe Red Hat Network to apply this update are available athttp://kbase.redhat.com/faq/FAQ_58_10188

URL: https://rhn.redhat.com/errata/RHSA-2008-0836.html

Vulnerable Software (18)

Type: Configuration

Product: chromium-browser

Operating System: debian

Trait: 
{  "fixed": "5.0.375.29~r46008-1"}

Source: debian

Type: Configuration

Product: libxml2

Operating System: rhel 2.1

Trait: 
{  "fixed": "2.4.19-9.ent"}

Source: redhat

Type: Configuration

Product: libxml2

Operating System: rhel 3

Trait: 
{  "fixed": "2.5.10-11"}

Source: redhat

Type: Configuration

Product: libxml2

Operating System: rhel 4

Trait: 
{  "fixed": "2.6.16-12.3"}

Source: redhat

Type: Configuration

Product: libxml2

Operating System: rhel 5

Trait: 
{  "fixed": "2.6.26-2.1.2.4"}

Source: redhat

Type: Configuration

Product: libxml2

Operating System: ubuntu hardy 8.04

Trait: 
{  "fixed": "2.6.31.dfsg-2ubuntu1.1"}

Source: ubuntu

Type: Configuration

Product: libxml2

Operating System: debian

Trait: 
{  "fixed": "2.6.32.dfsg-3"}

Source: debian

Type: Configuration

Vendor: *

Product: debian_linux

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: *

Product: enterprise_linux_desktop

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_des...

Source: nvd

Type: Configuration

Vendor: *

Product: enterprise_linux_eus

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_des...

Source: nvd

Type: Configuration

Vendor: *

Product: enterprise_linux_server

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_des...

Source: nvd

Type: Configuration

Vendor: *

Product: enterprise_linux_workstation

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_des...

Source: nvd

Type: Configuration

Vendor: *

Product: esx

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:vmware:esx:2.5.4:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:vmware:esx:2.5.5:*:*:*:*:*:*:*",      "vulner...

Source: nvd

Type: Configuration

Vendor: *

Product: fedora

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: *

Product: iphone_os

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",      "versionEndExcluding": "4.0",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:apple:iphone...

Source: nvd

Type: Configuration

Vendor: *

Product: libxml2

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*",      "versionEndIncluding": "2.6.32",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: *

Product: safari

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",      "versionEndExcluding": "4.0",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:apple:iphone...

Source: nvd

Type: Configuration

Vendor: *

Product: ubuntu_linux

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*...

Source: nvd

End of list