CVE-2016-9318
Published: 2016-11-16
Priority P429 · medium · 5.5 · CVSS 3.1
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS: 2.94% (85.4th percentile)
libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | libxml2 | < libxml2 2.9.10+dfsg-2 (bookworm) | libxml2 2.9.10+dfsg-2 (bookworm) |
| xmlsoft | libxml2 | <= 2.9.4 | — |
| xmlsoft | libxml2 | >= 0 < 2.9.10+dfsg-2 | 2.9.10+dfsg-2 |
| xmlsoft | libxml2 | >= 0 < 2.9.10+dfsg-2 | 2.9.10+dfsg-2 |
| xmlsoft | libxml2 | >= 0 < 2.9.10+dfsg-2 | 2.9.10+dfsg-2 |
| xmlsoft | libxml2 | >= 0 < 2.9.10+dfsg-2 | 2.9.10+dfsg-2 |
| xmlsoft | libxml2 | >= 0 < 2.9.1+dfsg1-3ubuntu4.13 | 2.9.1+dfsg1-3ubuntu4.13 |
| xmlsoft | libxml2 | >= 0 < 2.9.3+dfsg1-1ubuntu0.6 | 2.9.3+dfsg1-1ubuntu0.6 |
| xmlsoft | libxml2 | >= 0 < 2.9.4+dfsg1-6.1ubuntu1.2 | 2.9.4+dfsg1-6.1ubuntu1.2 |
CVSS provenance
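| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| osv | — | 5.5 | MEDIUM | — |
| vendor_debian | — | 5.5 | MEDIUM | — |
| vendor_redhat | — | 5.5 | MEDIUM | — |
| vendor_ubuntu | — | 5.5 | MEDIUM | — |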
OSV
libxml2 vulnerabilities
osv·2018-08-14·CVSS 5.5
CVE-2016-9318 [MEDIUM] libxml2 vulnerabilities
Matias Brutti discovered that libxml2 incorrectly handled certain XML files.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2016-9318)
It was discovered that libxml2 incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 18.04 LTS. (CVE-2017-16932)
It was discovered that libxml2 incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2017-18258, CVE-2018-14404, CVE-2018-14567)
OSV
CVE-2016-9318: libxml2 2
osv·2016-11-16·CVSS 5.5
CVE-2016-9318 [MEDIUM] CVE-2016-9318: libxml2 2
libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.
CISA ICS
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
cisa_ics·2023-12-14
ICS Advisory
Release Date: December 14, 2023
Alert Code: ICSA-23-348-10
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
- Vulnerabilities: Improper Restriction of XML External Entity Reference, Time-of-check Time-of-use (TOCTOU) Race Condition, Command Injection, Miss
Ubuntu
libxml2 vulnerabilities
vendor_ubuntu·2018-08-14·CVSS 5.5
CVE-2016-9318 [MEDIUM] libxml2 vulnerabilities
Title: libxml2 vulnerabilities
Summary: Several security issues were fixed in libxml2.
Matias Brutti discovered that libxml2 incorrectly handled certain XML files.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2016-9318)
It was discovered that libxml2 incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 18.04 LTS. (CVE-2017-16932)
It was discovered that libxml2 incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2017-18258, CVE-2018-14404, CVE-2018-14567)
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
libxml2 vulnerabilities
vendor_ubuntu·2018-08-14·CVSS 5.5
CVE-2016-9318 [MEDIUM] libxml2 vulnerabilities
Title: libxml2 vulnerabilities
Summary: Several security issues were fixed in libxml2.
USN-3739-1 fixed a vulnerability in libxml2. This update provides
the corresponding update for Ubuntu 12.04.
Original advisory details:
Matias Brutti discovered that libxml2 incorrectly handled certain XML files.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2016-9318)
It was discovered that libxml2 incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2018-14404)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
libxml2: XML External Entity vulnerability
vendor_redhat·2016-10-06·CVSS 5.5
CVE-2016-9318 [MEDIUM] CWE-611 libxml2: XML External Entity vulnerability
libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.
Mitigation: Applications parsing untrusted input with libxml2 should be careful NOT to use entity expansion (enabled by XML_PARSE_NOENT) or DTD validation (XML_PARSE_DTDLOAD, XML_PARSE_DTDVALID) on such input.
Package: libxml2 (Red Hat Enterprise Linux 5) - Will not fix
Package: libxml2 (Red Hat Enterprise Linux 6) - Will not fix
Package: libxml2 (Red Hat Enterprise Linux 7) - Will not fix
Package: httpd (Red Hat JBoss Core Services) - A
Debian
CVE-2016-9318: libxml2 - libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other produc...
vendor_debian·2016·CVSS 5.5
CVE-2016-9318 [MEDIUM] CVE-2016-9318: libxml2 - libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other produc...
libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.
Scope: local
bookworm: resolved (fixed in 2.9.10+dfsg-2)
bullseye: resolved (fixed in 2.9.10+dfsg-2)
forky: resolved (fixed in 2.9.10+dfsg-2)
sid: resolved (fixed in 2.9.10+dfsg-2)
trixie: resolved (fixed in 2.9.10+dfsg-2)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2017-1000061 xmlsec1: xmlsec vulnerable to external entity expansion
bugzilla·2017-03-30·CVSS 5.5
CVE-2017-1000061 [MEDIUM] CVE-2017-1000061 xmlsec1: xmlsec vulnerable to external entity expansion
xmlsec is vulnerable to XML External Entity Expansion via libxml2 (see CVE-2016-9318). A workaround is in progress on the upstream bug report.
Upstream bug:
https://github.com/lsh123/xmlsec/issues/43
Discussion:
Is this affecting only the command line utility?
---
(In reply to Simo Sorce from comment #2)
> Is this affecting only the command line utility?
The library is affected as well, as it uses libxml2 in the same way.
---
I see no patch for the library upstream.
What's the recommendation?
---
(In reply to Simo Sorce from comment #4)
> I see no patch for the library upstream.
> What's the recommendation?
The merge request on the upstream ticket applies to the library as well (xmlSecInit() in src/xm
Bugzilla
CVE-2016-9318 mingw-libxml2: libxml2: XML External Entity vulnerability [epel-7]
bugzilla·2016-11-16·CVSS 5.5
CVE-2016-9318 [MEDIUM] CVE-2016-9318 mingw-libxml2: libxml2: XML External Entity vulnerability [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
[bug automatically created by: add-tracking-bugs
Bugzilla
CVE-2016-9318 libxml2: XML External Entity vulnerability
bugzilla·2016-11-16·CVSS 5.5
CVE-2016-9318 [MEDIUM] CVE-2016-9318 libxml2: XML External Entity vulnerability
An Improper Restriction of XML External Entity Reference vulnerability was found in libxml2. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts.
Upstream bug:
https://bugzilla.gnome.org/show_bug.cgi?id=772726
Discussion:
Created libxml2 tracking bugs for this issue:
Affects: fedora-all [bug 1395610]
---
Created mingw-libxml2 tracking bugs for this issue:
Affects: fedora-all [bug 1395611]
Affects: epel-7 [bug 1395612]
---
See also CVE-2017-7375 (bug 1462203) which is a similar failure to restrict external entities. The fix for CVE-2016-9318 (when it's ready) should al
Bugzilla
CVE-2016-9318 mingw-libxml2: libxml2: XML External Entity vulnerability [fedora-all]
bugzilla·2016-11-16·CVSS 5.5
CVE-2016-9318 [MEDIUM] CVE-2016-9318 mingw-libxml2: libxml2: XML External Entity vulnerability [fedora-all]
Bugzilla
CVE-2016-9318 libxml2: XML External Entity vulnerability [fedora-all]
bugzilla·2016-11-16·CVSS 5.5
CVE-2016-9318 [MEDIUM] CVE-2016-9318 libxml2: XML External Entity vulnerability [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora.
Bugzilla
CVE-2016-4658 libxml2: Use after free via namespace node in XPointer ranges
bugzilla·2016-10-13·CVSS 9.8
CVE-2016-4658 [CRITICAL] CVE-2016-4658 libxml2: Use after free via namespace node in XPointer ranges
Possible use after free vulnerability via namespace nodes in XPointer ranges was found.
Upstream patch:
https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b
Discussion:
Created libxml2 tracking bugs for this issue:
Affects: fedora-all [bug 1384427]
---
Created mingw-libxml2 tracking bugs for this issue:
Affects: fedora-all [bug 1384429]
Affects: epel-7 [bug 1384430]
---
(In reply to Adam Mariš from comment #0)
> Possible use after free vulnerability via namespace nodes in XPointer ranges
> was found.
>
> Upstream patch:
>
> https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b
Hello Adam,
We have been monitoring the URL ftp://xml
References:
http://www.securityfocus.com/bid/94347
https://bugzilla.gnome.org/show_bug.cgi?id=772726
https://github.com/lsh123/xmlsec/issues/43
https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html
https://security.gentoo.org/glsa/201711-01
https://usn.ubuntu.com/3739-1/
https://usn.ubuntu.com/3739-2/