CVE-2013-1665 Information

Feb 14, 2021 cve

Description

The XML libraries for Python 3.4 3.3 3.2 3.1 2.7 and 2.6 as used in OpenStack Keystone Essex and Folsom Django and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference aka an XML External Entity (XXE) attack.

Reference

http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html http://bugs.python.org/issue17239 http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html http://rhn.redhat.com/errata/RHSA-2013-0657.html http://rhn.redhat.com/errata/RHSA-2013-0658.html http://rhn.redhat.com/errata/RHSA-2013-0670.html http://ubuntu.com/usn/usn-1757-1 http://www.debian.org/security/2013/dsa-2634 http://www.openwall.com/lists/oss-security/2013/02/19/2 http://www.openwall.com/lists/oss-security/2013/02/19/4 https://bugs.launchpad.net/keystone/+bug/1100279

Share on: