CVE-2017-1000061
Description
xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service
Risk Information
Base Score
7.1
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
EPSS Score
Exploitation Probability
0.591
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.56 | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.57 | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.58 | Windows |
| (RHSA-2017:2492) Moderate: xmlsec1 security update xmlsec1-1.2.20-7.el7_4.i686.rpm | Linux |
| (RHSA-2017:2492) Moderate: xmlsec1 security update xmlsec1-1.2.20-7.el7_4.x86_64.rpm | Linux |
| (RHSA-2017:2492) Moderate: xmlsec1 security update xmlsec1-devel-1.2.20-7.el7_4.i686.rpm | Linux |
| (RHSA-2017:2492) Moderate: xmlsec1 security update xmlsec1-devel-1.2.20-7.el7_4.x86_64.rpm | Linux |
| (RHSA-2017:2492) Moderate: xmlsec1 security update xmlsec1-gcrypt-1.2.20-7.el7_4.i686.rpm | Linux |
| (RHSA-2017:2492) Moderate: xmlsec1 security update xmlsec1-gcrypt-1.2.20-7.el7_4.x86_64.rpm | Linux |
| (RHSA-2017:2492) Moderate: xmlsec1 security update xmlsec1-gcrypt-devel-1.2.20-7.el7_4.i686.rpm | Linux |
| (RHSA-2017:2492) Moderate: xmlsec1 security update xmlsec1-gcrypt-devel-1.2.20-7.el7_4.x86_64.rpm | Linux |
| (RHSA-2017:2492) Moderate: xmlsec1 security update xmlsec1-gnutls-1.2.20-7.el7_4.i686.rpm | Linux |
| (RHSA-2017:2492) Moderate: xmlsec1 security update xmlsec1-gnutls-1.2.20-7.el7_4.x86_64.rpm | Linux |
| (RHSA-2017:2492) Moderate: xmlsec1 security update xmlsec1-gnutls-devel-1.2.20-7.el7_4.i686.rpm | Linux |
| (RHSA-2017:2492) Moderate: xmlsec1 security update xmlsec1-gnutls-devel-1.2.20-7.el7_4.x86_64.rpm | Linux |
| (RHSA-2017:2492) Moderate: xmlsec1 security update xmlsec1-nss-1.2.20-7.el7_4.i686.rpm | Linux |
| (RHSA-2017:2492) Moderate: xmlsec1 security update xmlsec1-nss-1.2.20-7.el7_4.x86_64.rpm | Linux |
| (RHSA-2017:2492) Moderate: xmlsec1 security update xmlsec1-nss-devel-1.2.20-7.el7_4.i686.rpm | Linux |
| (RHSA-2017:2492) Moderate: xmlsec1 security update xmlsec1-nss-devel-1.2.20-7.el7_4.x86_64.rpm | Linux |
| (RHSA-2017:2492) Moderate: xmlsec1 security update xmlsec1-openssl-1.2.20-7.el7_4.i686.rpm | Linux |
| (RHSA-2017:2492) Moderate: xmlsec1 security update xmlsec1-openssl-1.2.20-7.el7_4.x86_64.rpm | Linux |
| (RHSA-2017:2492) Moderate: xmlsec1 security update xmlsec1-openssl-devel-1.2.20-7.el7_4.i686.rpm | Linux |
| (RHSA-2017:2492) Moderate: xmlsec1 security update xmlsec1-openssl-devel-1.2.20-7.el7_4.x86_64.rpm | Linux |
| Xmlsec1 update (ELSA-2017-2492) xmlsec1-1.2.20-7.el7_4.x86_64.rpm | Linux |
| Xmlsec1-devel update (ELSA-2017-2492) xmlsec1-devel-1.2.20-7.el7_4.x86_64.rpm | Linux |
| Xmlsec1-gcrypt update (ELSA-2017-2492) xmlsec1-gcrypt-1.2.20-7.el7_4.x86_64.rpm | Linux |
| Xmlsec1-gcrypt-devel update (ELSA-2017-2492) xmlsec1-gcrypt-devel-1.2.20-7.el7_4.x86_64.rpm | Linux |
| Xmlsec1-gnutls update (ELSA-2017-2492) xmlsec1-gnutls-1.2.20-7.el7_4.x86_64.rpm | Linux |
| Xmlsec1-gnutls-devel update (ELSA-2017-2492) xmlsec1-gnutls-devel-1.2.20-7.el7_4.x86_64.rpm | Linux |
| Xmlsec1-nss update (ELSA-2017-2492) xmlsec1-nss-1.2.20-7.el7_4.x86_64.rpm | Linux |
| Xmlsec1-nss-devel update (ELSA-2017-2492) xmlsec1-nss-devel-1.2.20-7.el7_4.x86_64.rpm | Linux |
| Xmlsec1-openssl update (ELSA-2017-2492) xmlsec1-openssl-1.2.20-7.el7_4.x86_64.rpm | Linux |
| Xmlsec1-openssl-devel update (ELSA-2017-2492) xmlsec1-openssl-devel-1.2.20-7.el7_4.x86_64.rpm | Linux |
| Xmlsec1 update (ELSA-2017-2492) xmlsec1-1.2.20-7.el7_4.i686.rpm | Linux |
| Xmlsec1-devel update (ELSA-2017-2492) xmlsec1-devel-1.2.20-7.el7_4.i686.rpm | Linux |
| Xmlsec1-gcrypt update (ELSA-2017-2492) xmlsec1-gcrypt-1.2.20-7.el7_4.i686.rpm | Linux |
| Xmlsec1-gcrypt-devel update (ELSA-2017-2492) xmlsec1-gcrypt-devel-1.2.20-7.el7_4.i686.rpm | Linux |
| Xmlsec1-gnutls update (ELSA-2017-2492) xmlsec1-gnutls-1.2.20-7.el7_4.i686.rpm | Linux |
| Xmlsec1-gnutls-devel update (ELSA-2017-2492) xmlsec1-gnutls-devel-1.2.20-7.el7_4.i686.rpm | Linux |
| Xmlsec1-nss update (ELSA-2017-2492) xmlsec1-nss-1.2.20-7.el7_4.i686.rpm | Linux |
| Xmlsec1-nss-devel update (ELSA-2017-2492) xmlsec1-nss-devel-1.2.20-7.el7_4.i686.rpm | Linux |
| Xmlsec1-openssl update (ELSA-2017-2492) xmlsec1-openssl-1.2.20-7.el7_4.i686.rpm | Linux |
| Xmlsec1-openssl-devel update (ELSA-2017-2492) xmlsec1-openssl-devel-1.2.20-7.el7_4.i686.rpm | Linux |
| (RHSA-2017:2492)Moderate: security update xmlsec1-debuginfo-1.2.20-7.el7_4.i686.rpm | Linux |
| (RHSA-2017:2492)Moderate: security update xmlsec1-debuginfo-1.2.20-7.el7_4.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234