CVE-2016-9318 - OpenCVE

libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Xmlsec Project	Xmlsec
Canonical	Ubuntu Linux
Xmlsoft	Libxml2

Configuration 1 [-]

AND

cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*

cpe:2.3:a:xmlsec_project:xmlsec:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

References

Link	Resource
http://www.securityfocus.com/bid/94347	Third Party Advisory VDB Entry
https://bugzilla.gnome.org/show_bug.cgi?id=772726	Issue Tracking Patch Third Party Advisory VDB Entry
https://github.com/lsh123/xmlsec/issues/43	Exploit Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html
https://security.gentoo.org/glsa/201711-01	Third Party Advisory
https://usn.ubuntu.com/3739-1/	Third Party Advisory
https://usn.ubuntu.com/3739-2/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2016-11-16T00:00:00

Updated: 2022-04-08T22:06:16

Reserved: 2016-11-14T00:00:00

Link: CVE-2016-9318

JSON object: View

NVD Information

Status : Modified

Published: 2016-11-16T00:59:00.180

Modified: 2022-04-08T23:15:07.503

Link: CVE-2016-9318

JSON object: View

Redhat Information

No data.

CWE

CWE-611

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-11-15T00:00:00", "descriptions": [{"lang": "en", "value": "libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-04-08T22:06:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=772726"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/lsh123/xmlsec/issues/43"}, {"name": "USN-3739-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3739-1/"}, {"name": "GLSA-201711-01", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201711-01"}, {"name": "94347", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94347"}, {"name": "USN-3739-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3739-2/"}, {"name": "[debian-lts-announce] 20220408 [SECURITY] [DLA 2972-1] libxml2 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-9318", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.gnome.org/show_bug.cgi?id=772726", "refsource": "MISC", "url": "https://bugzilla.gnome.org/show_bug.cgi?id=772726"}, {"name": "https://github.com/lsh123/xmlsec/issues/43", "refsource": "MISC", "url": "https://github.com/lsh123/xmlsec/issues/43"}, {"name": "USN-3739-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3739-1/"}, {"name": "GLSA-201711-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201711-01"}, {"name": "94347", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94347"}, {"name": "USN-3739-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3739-2/"}, {"name": "[debian-lts-announce] 20220408 [SECURITY] [DLA 2972-1] libxml2 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-9318", "datePublished": "2016-11-16T00:00:00", "dateReserved": "2016-11-14T00:00:00", "dateUpdated": "2022-04-08T22:06:16", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*", "matchCriteriaId": "8CC4875D-A4B2-4A7C-B020-7C2E86412B7C", "versionEndIncluding": "2.9.4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:xmlsec_project:xmlsec:*:*:*:*:*:*:*:*", "matchCriteriaId": "028F68AA-1521-4D93-B3C7-98D71FCB840F", "versionEndIncluding": "1.2.23", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document."}, {"lang": "es", "value": "libxml2 2.9.4 y versiones anteriores, como se usa en XMLSec 1.2.23 y versiones anteriores y otros productos, no ofrece un indicador que indique directamente que el documento actual puede ser leido pero otros archivos no pueden ser abiertos, lo que facilita a atacantes remotos llevar a cabo ataques XML External Entity (XXE) a trav\u00e9s de un documento manipulado."}], "id": "CVE-2016-9318", "lastModified": "2022-04-08T23:15:07.503", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-11-16T00:59:00.180", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94347"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry"], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=772726"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/lsh123/xmlsec/issues/43"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201711-01"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3739-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3739-2/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-611"}], "source": "nvd@nist.gov", "type": "Primary"}]}