Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
History
21 Nov 2024, 01:34
Type | Values Removed | Values Added |
---|---|---|
References | () http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/ - Release Notes | |
References | () http://librdf.org/raptor/RELEASE.html#rel2_0_7 - Release Notes | |
References | () http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.html - Mailing List | |
References | () http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.html - Mailing List | |
References | () http://rhn.redhat.com/errata/RHSA-2012-0410.html - Third Party Advisory | |
References | () http://rhn.redhat.com/errata/RHSA-2012-0411.html - Third Party Advisory | |
References | () http://secunia.com/advisories/48479 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/48493 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/48494 - Broken Link | |
References | () http://secunia.com/advisories/48526 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/48529 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/48542 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/48649 - Broken Link | |
References | () http://secunia.com/advisories/50692 - Broken Link | |
References | () http://secunia.com/advisories/60799 - Broken Link | |
References | () http://security.gentoo.org/glsa/glsa-201209-05.xml - Third Party Advisory | |
References | () http://vsecurity.com/resources/advisory/20120324-1/ - Broken Link | |
References | () http://www.debian.org/security/2012/dsa-2438 - Third Party Advisory | |
References | () http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml - Third Party Advisory | |
References | () http://www.libreoffice.org/advisories/CVE-2012-0037/ - Vendor Advisory | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2012:061 - Broken Link | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2012:062 - Broken Link | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2012:063 - Broken Link | |
References | () http://www.openoffice.org/security/cves/CVE-2012-0037.html - Mitigation, Patch | |
References | () http://www.openwall.com/lists/oss-security/2012/03/27/4 - Exploit, Mailing List | |
References | () http://www.osvdb.org/80307 - Broken Link | |
References | () http://www.securityfocus.com/bid/52681 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id?1026837 - Broken Link, Third Party Advisory, VDB Entry | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/74235 - Third Party Advisory, VDB Entry | |
References | () https://github.com/dajobe/raptor/commit/a676f235309a59d4aa78eeffd2574ae5d341fcb0 - Patch | |
References | () https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0%40%3Ccommits.openoffice.apache.org%3E - Mailing List, Patch |
15 Feb 2024, 03:22
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 6.5 |
CWE | CWE-611 | |
First Time |
Redhat storage
Redhat enterprise Linux Workstation Redhat enterprise Linux Server Aus Librdf raptor Redhat gluster Storage Server For On-premise Debian Redhat enterprise Linux Eus Debian debian Linux Fedoraproject fedora Redhat enterprise Linux Desktop Librdf Fedoraproject Redhat Apache openoffice Redhat enterprise Linux Server Redhat storage For Public Cloud |
|
CPE | cpe:2.3:a:libreoffice:libreoffice:3.3.0:*:*:*:*:*:*:* cpe:2.3:a:libreoffice:libreoffice:3.4.2:*:*:*:*:*:*:* cpe:2.3:a:libreoffice:libreoffice:3.5:*:*:*:*:*:*:* cpe:2.3:a:redland:libraptor:*:*:*:*:*:*:*:* cpe:2.3:a:libreoffice:libreoffice:3.3.2:*:*:*:*:*:*:* cpe:2.3:a:libreoffice:libreoffice:3.4.0:*:*:*:*:*:*:* cpe:2.3:a:apache:openoffice.org:3.3:*:*:*:*:*:*:* cpe:2.3:a:libreoffice:libreoffice:3.3.1:*:*:*:*:*:*:* cpe:2.3:a:apache:openoffice.org:3.4:beta:*:*:*:*:*:* cpe:2.3:a:libreoffice:libreoffice:3.4.1:*:*:*:*:*:*:* cpe:2.3:a:libreoffice:libreoffice:3.3.4:*:*:*:*:*:*:* cpe:2.3:a:libreoffice:libreoffice:3.3.3:*:*:*:*:*:*:* |
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:* cpe:2.3:a:redhat:storage:2.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:* cpe:2.3:a:librdf:raptor:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:6.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:* cpe:2.3:a:apache:openoffice:3.3.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:* cpe:2.3:a:libreoffice:libreoffice:3.5.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:gluster_storage_server_for_on-premise:2.0:*:*:*:*:*:*:* cpe:2.3:a:apache:openoffice:3.4.0:beta:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:storage_for_public_cloud:2.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:* |
References | () http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/ - Release Notes | |
References | () http://librdf.org/raptor/RELEASE.html#rel2_0_7 - Release Notes | |
References | () http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.html - Mailing List | |
References | () http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.html - Mailing List | |
References | () http://rhn.redhat.com/errata/RHSA-2012-0410.html - Third Party Advisory | |
References | () http://rhn.redhat.com/errata/RHSA-2012-0411.html - Third Party Advisory | |
References | () http://secunia.com/advisories/48479 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/48493 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/48494 - Broken Link | |
References | () http://secunia.com/advisories/48526 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/48529 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/48542 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/48649 - Broken Link | |
References | () http://secunia.com/advisories/50692 - Broken Link | |
References | () http://secunia.com/advisories/60799 - Broken Link | |
References | () http://security.gentoo.org/glsa/glsa-201209-05.xml - Third Party Advisory | |
References | () http://vsecurity.com/resources/advisory/20120324-1/ - Broken Link | |
References | () http://www.debian.org/security/2012/dsa-2438 - Third Party Advisory | |
References | () http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml - Third Party Advisory | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2012:061 - Broken Link | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2012:062 - Broken Link | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2012:063 - Broken Link | |
References | () http://www.openoffice.org/security/cves/CVE-2012-0037.html - Mitigation, Patch | |
References | () http://www.openwall.com/lists/oss-security/2012/03/27/4 - Exploit, Mailing List | |
References | () http://www.osvdb.org/80307 - Broken Link | |
References | () http://www.securityfocus.com/bid/52681 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id?1026837 - Broken Link, Third Party Advisory, VDB Entry | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/74235 - Third Party Advisory, VDB Entry | |
References | () https://github.com/dajobe/raptor/commit/a676f235309a59d4aa78eeffd2574ae5d341fcb0 - Patch | |
References | () https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0%40%3Ccommits.openoffice.apache.org%3E - Mailing List, Patch |
Information
Published : 2012-06-17 03:41
Updated : 2024-11-21 01:34
NVD link : CVE-2012-0037
Mitre link : CVE-2012-0037
CVE.ORG link : CVE-2012-0037
JSON object : View
Products Affected
fedoraproject
- fedora
redhat
- storage
- enterprise_linux_eus
- enterprise_linux_workstation
- storage_for_public_cloud
- gluster_storage_server_for_on-premise
- enterprise_linux_server_aus
- enterprise_linux_server
- enterprise_linux_desktop
apache
- openoffice
librdf
- raptor
debian
- debian_linux
libreoffice
- libreoffice
CWE
CWE-611
Improper Restriction of XML External Entity Reference