CVE-2013-0340
Description
expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.
Risk Information
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are fixed in IBM HTTP 9.0.5.15 | Windows |
| Multiple vulnerabilities are fixed in IBM HTTP 8.5.5.23 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 20.0.0.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.3.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 18.0.0.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 19.0.0.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 21.0.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 22.0.1 | Windows |
| Multiple vulnerabilities are fixed in MacOS Big Sur 11.6.8 - Software Update | Mac |
| Multiple vulnerabilities are fixed in MacOS Big Sur 11.6.6 - Software Update | Mac |
| Multiple vulnerabilities are fixed in MacOS Big Sur 11.6.5 - Software Update | Mac |
| Multiple vulnerabilities are fixed in MacOS Big Sur 11.6.3 - Software Update | Mac |
| Multiple vulnerabilities are fixed in MacOS Big Sur 11.6.2 - Software Update | Mac |
| Multiple vulnerabilities are fixed in MacOS Big Sur 11.6.1 - Software Update | Mac |
| Multiple vulnerabilities are fixed in MacOS Big Sur 11.6 - Software Update | Mac |
| Multiple vulnerabilities are fixed in MacOS Big Sur 11.6.4 - Software Update | Mac |
| Multiple vulnerabilities are fixed in MacOS Big Sur 11.6.7 - Software Update | Mac |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-605753 | MacOS Big Sur 11.7.10 - Software Update (Force Reboot)(CVE-2023-41064) |
| PATCH-605753 | MacOS Big Sur 11.7.10 - Software Update (Force Reboot)(CVE-2023-41064) |
| PATCH-605753 | MacOS Big Sur 11.7.10 - Software Update (Force Reboot)(CVE-2023-41064) |
| PATCH-605753 | MacOS Big Sur 11.7.10 - Software Update (Force Reboot)(CVE-2023-41064) |
| PATCH-605752 | MacOS Big Sur 11.7.10 - Software Update (Force Reboot)(CVE-2023-41064) |
| PATCH-605752 | MacOS Big Sur 11.7.10 - Software Update (Force Reboot)(CVE-2023-41064) |
| PATCH-605752 | MacOS Big Sur 11.7.10 - Software Update (Force Reboot)(CVE-2023-41064) |
| PATCH-605753 | MacOS Big Sur 11.7.10 - Software Update (Force Reboot)(CVE-2023-41064) |
| PATCH-605753 | MacOS Big Sur 11.7.10 - Software Update (Force Reboot)(CVE-2023-41064) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234