CVE-2012-3488

NONECVSS 0.0

0.0

The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to arbitrary external hosts by leveraging (1) stylesheet commands that are permitted by the libxslt security options or (2) an xslt_process feature, related to an XML External Entity (aka XXE) issue.

🔗 References (48)

secalert@redhathttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
secalert@redhathttp://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
secalert@redhathttp://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html
secalert@redhathttp://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html
secalert@redhathttp://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html
secalert@redhathttp://rhn.redhat.com/errata/RHSA-2012-1263.html
secalert@redhathttp://rhn.redhat.com/errata/RHSA-2012-1264.html
secalert@redhathttp://secunia.com/advisories/50635
secalert@redhathttp://secunia.com/advisories/50636
secalert@redhathttp://secunia.com/advisories/50718
secalert@redhathttp://secunia.com/advisories/50859
secalert@redhathttp://secunia.com/advisories/50946
secalert@redhathttp://www.debian.org/security/2012/dsa-2534
secalert@redhathttp://www.mandriva.com/security/advisories?name=MDVSA-2012:139
secalert@redhathttp://www.postgresql.org/about/news/1407/

Is Your Infrastructure Affected by CVE-2012-3488?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2012-3488

📅 Published

🔄 Last Modified

🔗 References (48)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2012-3488?