Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for keystone_essex by openstack

    CVE-2013-1665 (GCVE-0-2013-1665)

    Vulnerability from nvd – Published: 2013-04-03 00:00 – Updated: 2024-08-06 15:13
    VLAI
    Summary
    The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2013-02-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T15:13:31.595Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20130219 REJECT CVE-2013-0278, CVE-2013-0279 and CVE-2013-0280",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/02/19/4"
              },
              {
                "name": "[openstack-announce] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html"
              },
              {
                "name": "RHSA-2013:0658",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0658.html"
              },
              {
                "name": "[oss-security] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/02/19/2"
              },
              {
                "name": "USN-1757-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://ubuntu.com/usn/usn-1757-1"
              },
              {
                "name": "RHSA-2013:0657",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0657.html"
              },
              {
                "name": "DSA-2634",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2013/dsa-2634"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html"
              },
              {
                "name": "RHSA-2013:0670",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0670.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.python.org/issue17239"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/keystone/+bug/1100279"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-02-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-04-11T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20130219 REJECT CVE-2013-0278, CVE-2013-0279 and CVE-2013-0280",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/02/19/4"
            },
            {
              "name": "[openstack-announce] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html"
            },
            {
              "name": "RHSA-2013:0658",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0658.html"
            },
            {
              "name": "[oss-security] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/02/19/2"
            },
            {
              "name": "USN-1757-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://ubuntu.com/usn/usn-1757-1"
            },
            {
              "name": "RHSA-2013:0657",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0657.html"
            },
            {
              "name": "DSA-2634",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2013/dsa-2634"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html"
            },
            {
              "name": "RHSA-2013:0670",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0670.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.python.org/issue17239"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.launchpad.net/keystone/+bug/1100279"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-1665",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20130219 REJECT CVE-2013-0278, CVE-2013-0279 and CVE-2013-0280",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2013/02/19/4"
                },
                {
                  "name": "[openstack-announce] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665)",
                  "refsource": "MLIST",
                  "url": "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html"
                },
                {
                  "name": "RHSA-2013:0658",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2013-0658.html"
                },
                {
                  "name": "[oss-security] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665)",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2013/02/19/2"
                },
                {
                  "name": "USN-1757-1",
                  "refsource": "UBUNTU",
                  "url": "http://ubuntu.com/usn/usn-1757-1"
                },
                {
                  "name": "RHSA-2013:0657",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2013-0657.html"
                },
                {
                  "name": "DSA-2634",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2013/dsa-2634"
                },
                {
                  "name": "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html",
                  "refsource": "CONFIRM",
                  "url": "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html"
                },
                {
                  "name": "RHSA-2013:0670",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2013-0670.html"
                },
                {
                  "name": "http://bugs.python.org/issue17239",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.python.org/issue17239"
                },
                {
                  "name": "https://bugs.launchpad.net/keystone/+bug/1100279",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.launchpad.net/keystone/+bug/1100279"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-1665",
        "datePublished": "2013-04-03T00:00:00.000Z",
        "dateReserved": "2013-02-13T00:00:00.000Z",
        "dateUpdated": "2024-08-06T15:13:31.595Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-1664 (GCVE-0-2013-1664)

    Vulnerability from nvd – Published: 2013-04-03 00:00 – Updated: 2024-08-06 15:13
    VLAI
    Summary
    The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2013-02-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T15:13:32.247Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20130219 REJECT CVE-2013-0278, CVE-2013-0279 and CVE-2013-0280",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/02/19/4"
              },
              {
                "name": "[openstack-announce] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html"
              },
              {
                "name": "RHSA-2013:0658",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0658.html"
              },
              {
                "name": "[oss-security] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/02/19/2"
              },
              {
                "name": "USN-1757-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://ubuntu.com/usn/usn-1757-1"
              },
              {
                "name": "RHSA-2013:0657",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0657.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/nova/+bug/1100282"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html"
              },
              {
                "name": "RHSA-2013:0670",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0670.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.python.org/issue17239"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-02-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-04-11T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20130219 REJECT CVE-2013-0278, CVE-2013-0279 and CVE-2013-0280",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/02/19/4"
            },
            {
              "name": "[openstack-announce] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html"
            },
            {
              "name": "RHSA-2013:0658",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0658.html"
            },
            {
              "name": "[oss-security] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/02/19/2"
            },
            {
              "name": "USN-1757-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://ubuntu.com/usn/usn-1757-1"
            },
            {
              "name": "RHSA-2013:0657",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0657.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.launchpad.net/nova/+bug/1100282"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html"
            },
            {
              "name": "RHSA-2013:0670",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0670.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.python.org/issue17239"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-1664",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20130219 REJECT CVE-2013-0278, CVE-2013-0279 and CVE-2013-0280",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2013/02/19/4"
                },
                {
                  "name": "[openstack-announce] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665)",
                  "refsource": "MLIST",
                  "url": "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html"
                },
                {
                  "name": "RHSA-2013:0658",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2013-0658.html"
                },
                {
                  "name": "[oss-security] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665)",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2013/02/19/2"
                },
                {
                  "name": "USN-1757-1",
                  "refsource": "UBUNTU",
                  "url": "http://ubuntu.com/usn/usn-1757-1"
                },
                {
                  "name": "RHSA-2013:0657",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2013-0657.html"
                },
                {
                  "name": "https://bugs.launchpad.net/nova/+bug/1100282",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.launchpad.net/nova/+bug/1100282"
                },
                {
                  "name": "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html",
                  "refsource": "CONFIRM",
                  "url": "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html"
                },
                {
                  "name": "RHSA-2013:0670",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2013-0670.html"
                },
                {
                  "name": "http://bugs.python.org/issue17239",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.python.org/issue17239"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-1664",
        "datePublished": "2013-04-03T00:00:00.000Z",
        "dateReserved": "2013-02-13T00:00:00.000Z",
        "dateUpdated": "2024-08-06T15:13:32.247Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-1664 (GCVE-0-2013-1664)

    Vulnerability from cvelistv5 – Published: 2013-04-03 00:00 – Updated: 2024-08-06 15:13
    VLAI
    Summary
    The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2013-02-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T15:13:32.247Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20130219 REJECT CVE-2013-0278, CVE-2013-0279 and CVE-2013-0280",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/02/19/4"
              },
              {
                "name": "[openstack-announce] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html"
              },
              {
                "name": "RHSA-2013:0658",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0658.html"
              },
              {
                "name": "[oss-security] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/02/19/2"
              },
              {
                "name": "USN-1757-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://ubuntu.com/usn/usn-1757-1"
              },
              {
                "name": "RHSA-2013:0657",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0657.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/nova/+bug/1100282"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html"
              },
              {
                "name": "RHSA-2013:0670",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0670.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.python.org/issue17239"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-02-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-04-11T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20130219 REJECT CVE-2013-0278, CVE-2013-0279 and CVE-2013-0280",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/02/19/4"
            },
            {
              "name": "[openstack-announce] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html"
            },
            {
              "name": "RHSA-2013:0658",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0658.html"
            },
            {
              "name": "[oss-security] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/02/19/2"
            },
            {
              "name": "USN-1757-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://ubuntu.com/usn/usn-1757-1"
            },
            {
              "name": "RHSA-2013:0657",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0657.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.launchpad.net/nova/+bug/1100282"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html"
            },
            {
              "name": "RHSA-2013:0670",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0670.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.python.org/issue17239"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-1664",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20130219 REJECT CVE-2013-0278, CVE-2013-0279 and CVE-2013-0280",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2013/02/19/4"
                },
                {
                  "name": "[openstack-announce] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665)",
                  "refsource": "MLIST",
                  "url": "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html"
                },
                {
                  "name": "RHSA-2013:0658",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2013-0658.html"
                },
                {
                  "name": "[oss-security] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665)",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2013/02/19/2"
                },
                {
                  "name": "USN-1757-1",
                  "refsource": "UBUNTU",
                  "url": "http://ubuntu.com/usn/usn-1757-1"
                },
                {
                  "name": "RHSA-2013:0657",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2013-0657.html"
                },
                {
                  "name": "https://bugs.launchpad.net/nova/+bug/1100282",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.launchpad.net/nova/+bug/1100282"
                },
                {
                  "name": "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html",
                  "refsource": "CONFIRM",
                  "url": "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html"
                },
                {
                  "name": "RHSA-2013:0670",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2013-0670.html"
                },
                {
                  "name": "http://bugs.python.org/issue17239",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.python.org/issue17239"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-1664",
        "datePublished": "2013-04-03T00:00:00.000Z",
        "dateReserved": "2013-02-13T00:00:00.000Z",
        "dateUpdated": "2024-08-06T15:13:32.247Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-1665 (GCVE-0-2013-1665)

    Vulnerability from cvelistv5 – Published: 2013-04-03 00:00 – Updated: 2024-08-06 15:13
    VLAI
    Summary
    The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2013-02-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T15:13:31.595Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20130219 REJECT CVE-2013-0278, CVE-2013-0279 and CVE-2013-0280",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/02/19/4"
              },
              {
                "name": "[openstack-announce] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html"
              },
              {
                "name": "RHSA-2013:0658",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0658.html"
              },
              {
                "name": "[oss-security] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/02/19/2"
              },
              {
                "name": "USN-1757-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://ubuntu.com/usn/usn-1757-1"
              },
              {
                "name": "RHSA-2013:0657",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0657.html"
              },
              {
                "name": "DSA-2634",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2013/dsa-2634"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html"
              },
              {
                "name": "RHSA-2013:0670",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0670.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.python.org/issue17239"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/keystone/+bug/1100279"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-02-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-04-11T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20130219 REJECT CVE-2013-0278, CVE-2013-0279 and CVE-2013-0280",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/02/19/4"
            },
            {
              "name": "[openstack-announce] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html"
            },
            {
              "name": "RHSA-2013:0658",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0658.html"
            },
            {
              "name": "[oss-security] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/02/19/2"
            },
            {
              "name": "USN-1757-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://ubuntu.com/usn/usn-1757-1"
            },
            {
              "name": "RHSA-2013:0657",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0657.html"
            },
            {
              "name": "DSA-2634",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2013/dsa-2634"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html"
            },
            {
              "name": "RHSA-2013:0670",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0670.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.python.org/issue17239"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.launchpad.net/keystone/+bug/1100279"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-1665",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20130219 REJECT CVE-2013-0278, CVE-2013-0279 and CVE-2013-0280",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2013/02/19/4"
                },
                {
                  "name": "[openstack-announce] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665)",
                  "refsource": "MLIST",
                  "url": "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html"
                },
                {
                  "name": "RHSA-2013:0658",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2013-0658.html"
                },
                {
                  "name": "[oss-security] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665)",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2013/02/19/2"
                },
                {
                  "name": "USN-1757-1",
                  "refsource": "UBUNTU",
                  "url": "http://ubuntu.com/usn/usn-1757-1"
                },
                {
                  "name": "RHSA-2013:0657",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2013-0657.html"
                },
                {
                  "name": "DSA-2634",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2013/dsa-2634"
                },
                {
                  "name": "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html",
                  "refsource": "CONFIRM",
                  "url": "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html"
                },
                {
                  "name": "RHSA-2013:0670",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2013-0670.html"
                },
                {
                  "name": "http://bugs.python.org/issue17239",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.python.org/issue17239"
                },
                {
                  "name": "https://bugs.launchpad.net/keystone/+bug/1100279",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.launchpad.net/keystone/+bug/1100279"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-1665",
        "datePublished": "2013-04-03T00:00:00.000Z",
        "dateReserved": "2013-02-13T00:00:00.000Z",
        "dateUpdated": "2024-08-06T15:13:31.595Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }