Vulnerability Bulletins |
Vulnerabilidad en librería Raptor XML |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Experto |
| Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
| Property | Value |
| Affected manufacturer | GNU/Linux |
| Affected software |
Redland Raptor 2.0.6 RedHat Enterprise Linux Optional Productivity Application 5 server RedHat Enterprise Linux Desktop Workstation 5 client Red Hat Enterprise Linux Workstation Optional 6 Red Hat Enterprise Linux Workstation 6 Red Hat Enterprise Linux Server Optional 6 Red Hat Enterprise Linux Server 6 Red Hat Enterprise Linux HPC Node Optional 6 Red Hat Enterprise Linux Desktop Optional 6 Red Hat Enterprise Linux Desktop 6 Red Hat Enterprise Linux Desktop 5 client Oracle Enterprise Linux 6.2 Oracle Enterprise Linux 6 OpenOffice OpenOffice 3.4 Beta OpenOffice OpenOffice 3.3 Debian Linux 6.0 sparc Debian Linux 6.0 s/390 Debian Linux 6.0 powerpc Debian Linux 6.0 mips Debian Linux 6.0 ia-64 Debian Linux 6.0 ia-32 Debian Linux 6.0 arm Debian Linux 6.0 amd64 |
Description |
|
|
Se ha detectado una vulnerabilidad en Raptor. Un atacante remoto puede explotar esta vulnerabilidad para conseguir información mediante ataques XML des de entidad externa. |
|
Solution |
|
| Hay actualizaciones disponibles que solventan esta vulnerabilidad. Consultar las referencias para más información. | |
Standar resources |
|
| Property | Value |
| CVE | CVE-2012-0037 BID/52681 |
| BID | |
Other resources |
|
|
Apache AOO 3.4 Unofficial Developer Snapshots Raptor Raptor Home page Jan Lieskovsky (CVE-2012-0037) CVE-2012-0037 raptor: XML External Entity (XXE) attack via RDF f OpenOffice CVE-2012-0037 OpenOffice.org data leakage vulnerability Rob Weir CVE-2012-0037 OpenOffice.org data leakage vulnerability |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2012-03-27 |