CVE-2013-6461

Published: Nov 5, 2019Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits

Affected (11)

Products: Nokogiri: Nokogiri · Debian: Debian Linux · Redhat: Cloudforms Management Engine, Enterprise Mrg, Openstack, Satellite, Subscription Asset Manager

1 product

1 product

5 products

Cloudforms Management Engine

Subscription Asset Manager

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Nokogiri Nokogiri	From 1.5.0 to 1.5.11
Nokogiri Nokogiri	From 1.6.0 to 1.6.1

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Configuration C

6 vulnerable

Vulnerable Software	Affected Versions
Redhat Cloudforms Management Engine	Version 5.0
Redhat Enterprise Mrg	Version 2.0
Redhat Openstack	Version 3.0
Redhat Openstack	Version 4.0
Redhat Satellite	Version 6.0
Redhat Subscription Asset Manager	All versions

Related CWEs

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.

References (12)

http://www.openwall.com/lists/oss-security/2013/12/27/2

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/64513

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://access.redhat.com/security/cve/cve-2013-6461

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6461

Source: secalert@redhat.com

ExploitIssue TrackingThird Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/90059

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://security-tracker.debian.org/tracker/CVE-2013-6461

Source: secalert@redhat.com

Third Party Advisory

http://www.openwall.com/lists/oss-security/2013/12/27/2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/64513

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://access.redhat.com/security/cve/cve-2013-6461

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6461

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/90059

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://security-tracker.debian.org/tracker/CVE-2013-6461

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.