CVE-2012-3489

MEDIUMCVSS 6.5

6.5

The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue.

🔗 References (42)

secalert@redhathttp://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
secalert@redhathttp://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html
secalert@redhathttp://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html
secalert@redhathttp://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html
secalert@redhathttp://rhn.redhat.com/errata/RHSA-2012-1263.html
secalert@redhathttp://secunia.com/advisories/50635
secalert@redhathttp://secunia.com/advisories/50718
secalert@redhathttp://secunia.com/advisories/50859
secalert@redhathttp://secunia.com/advisories/50946
secalert@redhathttp://www.debian.org/security/2012/dsa-2534
secalert@redhathttp://www.mandriva.com/security/advisories?name=MDVSA-2012:139
secalert@redhathttp://www.postgresql.org/about/news/1407/
secalert@redhathttp://www.postgresql.org/docs/8.3/static/release-8-3-20.html
secalert@redhathttp://www.postgresql.org/docs/8.4/static/release-8-4-13.html
secalert@redhathttp://www.postgresql.org/docs/9.0/static/release-9-0-9.html

Is Your Infrastructure Affected by CVE-2012-3489?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2012-3489

📅 Published

🔄 Last Modified

🔗 References (42)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2012-3489?