The Addresses Object parser in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 mishandles single quote characters, which allows remote authenticated users to conduct XPath injection attacks via a crafted string.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/94401 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1037379 | Third Party Advisory VDB Entry |
https://security.paloaltonetworks.com/CVE-2016-9149 | |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2016-11-19T06:29:00
Updated: 2020-02-17T16:03:45
Reserved: 2016-11-03T00:00:00
Link: CVE-2016-9149
NVD Information
Status: Modified
Published: 2016-11-19T06:59:00.230
Modified: 2020-02-17T16:15:19.020
Link: CVE-2016-9149
Redhat Information
No data.
CWE