CVE-2012-0037

Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.
References
Link Resource
http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/ Release Notes
http://librdf.org/raptor/RELEASE.html#rel2_0_7 Release Notes
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.html Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.html Mailing List
http://rhn.redhat.com/errata/RHSA-2012-0410.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-0411.html Third Party Advisory
http://secunia.com/advisories/48479 Broken Link Vendor Advisory
http://secunia.com/advisories/48493 Broken Link Vendor Advisory
http://secunia.com/advisories/48494 Broken Link
http://secunia.com/advisories/48526 Broken Link Vendor Advisory
http://secunia.com/advisories/48529 Broken Link Vendor Advisory
http://secunia.com/advisories/48542 Broken Link Vendor Advisory
http://secunia.com/advisories/48649 Broken Link
http://secunia.com/advisories/50692 Broken Link
http://secunia.com/advisories/60799 Broken Link
http://security.gentoo.org/glsa/glsa-201209-05.xml Third Party Advisory
http://vsecurity.com/resources/advisory/20120324-1/ Broken Link
http://www.debian.org/security/2012/dsa-2438 Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml Third Party Advisory
http://www.libreoffice.org/advisories/CVE-2012-0037/ Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2012:061 Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2012:062 Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2012:063 Broken Link
http://www.openoffice.org/security/cves/CVE-2012-0037.html Mitigation Patch
http://www.openwall.com/lists/oss-security/2012/03/27/4 Exploit Mailing List
http://www.osvdb.org/80307 Broken Link
http://www.securityfocus.com/bid/52681 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1026837 Broken Link Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/74235 Third Party Advisory VDB Entry
https://github.com/dajobe/raptor/commit/a676f235309a59d4aa78eeffd2574ae5d341fcb0 Patch
https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0%40%3Ccommits.openoffice.apache.org%3E Mailing List Patch
http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/ Release Notes
http://librdf.org/raptor/RELEASE.html#rel2_0_7 Release Notes
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.html Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.html Mailing List
http://rhn.redhat.com/errata/RHSA-2012-0410.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-0411.html Third Party Advisory
http://secunia.com/advisories/48479 Broken Link Vendor Advisory
http://secunia.com/advisories/48493 Broken Link Vendor Advisory
http://secunia.com/advisories/48494 Broken Link
http://secunia.com/advisories/48526 Broken Link Vendor Advisory
http://secunia.com/advisories/48529 Broken Link Vendor Advisory
http://secunia.com/advisories/48542 Broken Link Vendor Advisory
http://secunia.com/advisories/48649 Broken Link
http://secunia.com/advisories/50692 Broken Link
http://secunia.com/advisories/60799 Broken Link
http://security.gentoo.org/glsa/glsa-201209-05.xml Third Party Advisory
http://vsecurity.com/resources/advisory/20120324-1/ Broken Link
http://www.debian.org/security/2012/dsa-2438 Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml Third Party Advisory
http://www.libreoffice.org/advisories/CVE-2012-0037/ Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2012:061 Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2012:062 Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2012:063 Broken Link
http://www.openoffice.org/security/cves/CVE-2012-0037.html Mitigation Patch
http://www.openwall.com/lists/oss-security/2012/03/27/4 Exploit Mailing List
http://www.osvdb.org/80307 Broken Link
http://www.securityfocus.com/bid/52681 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1026837 Broken Link Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/74235 Third Party Advisory VDB Entry
https://github.com/dajobe/raptor/commit/a676f235309a59d4aa78eeffd2574ae5d341fcb0 Patch
https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0%40%3Ccommits.openoffice.apache.org%3E Mailing List Patch
Configurations

Configuration 1 (hide)

cpe:2.3:a:librdf:raptor:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*
cpe:2.3:a:libreoffice:libreoffice:3.5.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:apache:openoffice:3.3.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:openoffice:3.4.0:beta:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:a:redhat:gluster_storage_server_for_on-premise:2.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:storage:2.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:storage_for_public_cloud:2.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:6.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Configuration 6 (hide)

cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*

History

21 Nov 2024, 01:34

Type Values Removed Values Added
References () http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/ - Release Notes () http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/ - Release Notes
References () http://librdf.org/raptor/RELEASE.html#rel2_0_7 - Release Notes () http://librdf.org/raptor/RELEASE.html#rel2_0_7 - Release Notes
References () http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.html - Mailing List () http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.html - Mailing List
References () http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.html - Mailing List () http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.html - Mailing List
References () http://rhn.redhat.com/errata/RHSA-2012-0410.html - Third Party Advisory () http://rhn.redhat.com/errata/RHSA-2012-0410.html - Third Party Advisory
References () http://rhn.redhat.com/errata/RHSA-2012-0411.html - Third Party Advisory () http://rhn.redhat.com/errata/RHSA-2012-0411.html - Third Party Advisory
References () http://secunia.com/advisories/48479 - Broken Link, Vendor Advisory () http://secunia.com/advisories/48479 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/48493 - Broken Link, Vendor Advisory () http://secunia.com/advisories/48493 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/48494 - Broken Link () http://secunia.com/advisories/48494 - Broken Link
References () http://secunia.com/advisories/48526 - Broken Link, Vendor Advisory () http://secunia.com/advisories/48526 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/48529 - Broken Link, Vendor Advisory () http://secunia.com/advisories/48529 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/48542 - Broken Link, Vendor Advisory () http://secunia.com/advisories/48542 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/48649 - Broken Link () http://secunia.com/advisories/48649 - Broken Link
References () http://secunia.com/advisories/50692 - Broken Link () http://secunia.com/advisories/50692 - Broken Link
References () http://secunia.com/advisories/60799 - Broken Link () http://secunia.com/advisories/60799 - Broken Link
References () http://security.gentoo.org/glsa/glsa-201209-05.xml - Third Party Advisory () http://security.gentoo.org/glsa/glsa-201209-05.xml - Third Party Advisory
References () http://vsecurity.com/resources/advisory/20120324-1/ - Broken Link () http://vsecurity.com/resources/advisory/20120324-1/ - Broken Link
References () http://www.debian.org/security/2012/dsa-2438 - Third Party Advisory () http://www.debian.org/security/2012/dsa-2438 - Third Party Advisory
References () http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml - Third Party Advisory () http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml - Third Party Advisory
References () http://www.libreoffice.org/advisories/CVE-2012-0037/ - Vendor Advisory () http://www.libreoffice.org/advisories/CVE-2012-0037/ - Vendor Advisory
References () http://www.mandriva.com/security/advisories?name=MDVSA-2012:061 - Broken Link () http://www.mandriva.com/security/advisories?name=MDVSA-2012:061 - Broken Link
References () http://www.mandriva.com/security/advisories?name=MDVSA-2012:062 - Broken Link () http://www.mandriva.com/security/advisories?name=MDVSA-2012:062 - Broken Link
References () http://www.mandriva.com/security/advisories?name=MDVSA-2012:063 - Broken Link () http://www.mandriva.com/security/advisories?name=MDVSA-2012:063 - Broken Link
References () http://www.openoffice.org/security/cves/CVE-2012-0037.html - Mitigation, Patch () http://www.openoffice.org/security/cves/CVE-2012-0037.html - Mitigation, Patch
References () http://www.openwall.com/lists/oss-security/2012/03/27/4 - Exploit, Mailing List () http://www.openwall.com/lists/oss-security/2012/03/27/4 - Exploit, Mailing List
References () http://www.osvdb.org/80307 - Broken Link () http://www.osvdb.org/80307 - Broken Link
References () http://www.securityfocus.com/bid/52681 - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/52681 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id?1026837 - Broken Link, Third Party Advisory, VDB Entry () http://www.securitytracker.com/id?1026837 - Broken Link, Third Party Advisory, VDB Entry
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/74235 - Third Party Advisory, VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/74235 - Third Party Advisory, VDB Entry
References () https://github.com/dajobe/raptor/commit/a676f235309a59d4aa78eeffd2574ae5d341fcb0 - Patch () https://github.com/dajobe/raptor/commit/a676f235309a59d4aa78eeffd2574ae5d341fcb0 - Patch
References () https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0%40%3Ccommits.openoffice.apache.org%3E - Mailing List, Patch () https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0%40%3Ccommits.openoffice.apache.org%3E - Mailing List, Patch

15 Feb 2024, 03:22

Type Values Removed Values Added
CVSS v2 : 4.3
v3 : unknown
v2 : 4.3
v3 : 6.5
CWE CWE-200 CWE-611
First Time Redhat storage
Redhat enterprise Linux Workstation
Redhat enterprise Linux Server Aus
Librdf raptor
Redhat gluster Storage Server For On-premise
Debian
Redhat enterprise Linux Eus
Debian debian Linux
Fedoraproject fedora
Redhat enterprise Linux Desktop
Librdf
Fedoraproject
Redhat
Apache openoffice
Redhat enterprise Linux Server
Redhat storage For Public Cloud
CPE cpe:2.3:a:libreoffice:libreoffice:3.4.5:*:*:*:*:*:*:*
cpe:2.3:a:libreoffice:libreoffice:3.3.0:*:*:*:*:*:*:*
cpe:2.3:a:libreoffice:libreoffice:3.4.2:*:*:*:*:*:*:*
cpe:2.3:a:libreoffice:libreoffice:3.5:*:*:*:*:*:*:*
cpe:2.3:a:redland:libraptor:*:*:*:*:*:*:*:*
cpe:2.3:a:libreoffice:libreoffice:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:libreoffice:libreoffice:3.4.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:openoffice.org:3.3:*:*:*:*:*:*:*
cpe:2.3:a:libreoffice:libreoffice:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:openoffice.org:3.4:beta:*:*:*:*:*:*
cpe:2.3:a:libreoffice:libreoffice:3.4.1:*:*:*:*:*:*:*
cpe:2.3:a:libreoffice:libreoffice:3.3.4:*:*:*:*:*:*:*
cpe:2.3:a:libreoffice:libreoffice:3.3.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:storage:2.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:a:librdf:raptor:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:6.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*
cpe:2.3:a:apache:openoffice:3.3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*
cpe:2.3:a:libreoffice:libreoffice:3.5.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:gluster_storage_server_for_on-premise:2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:openoffice:3.4.0:beta:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:storage_for_public_cloud:2.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
References () http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/ - () http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/ - Release Notes
References () http://librdf.org/raptor/RELEASE.html#rel2_0_7 - () http://librdf.org/raptor/RELEASE.html#rel2_0_7 - Release Notes
References () http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.html - () http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.html - Mailing List
References () http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.html - () http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.html - Mailing List
References () http://rhn.redhat.com/errata/RHSA-2012-0410.html - () http://rhn.redhat.com/errata/RHSA-2012-0410.html - Third Party Advisory
References () http://rhn.redhat.com/errata/RHSA-2012-0411.html - () http://rhn.redhat.com/errata/RHSA-2012-0411.html - Third Party Advisory
References () http://secunia.com/advisories/48479 - Vendor Advisory () http://secunia.com/advisories/48479 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/48493 - Vendor Advisory () http://secunia.com/advisories/48493 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/48494 - () http://secunia.com/advisories/48494 - Broken Link
References () http://secunia.com/advisories/48526 - Vendor Advisory () http://secunia.com/advisories/48526 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/48529 - Vendor Advisory () http://secunia.com/advisories/48529 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/48542 - Vendor Advisory () http://secunia.com/advisories/48542 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/48649 - () http://secunia.com/advisories/48649 - Broken Link
References () http://secunia.com/advisories/50692 - () http://secunia.com/advisories/50692 - Broken Link
References () http://secunia.com/advisories/60799 - () http://secunia.com/advisories/60799 - Broken Link
References () http://security.gentoo.org/glsa/glsa-201209-05.xml - () http://security.gentoo.org/glsa/glsa-201209-05.xml - Third Party Advisory
References () http://vsecurity.com/resources/advisory/20120324-1/ - () http://vsecurity.com/resources/advisory/20120324-1/ - Broken Link
References () http://www.debian.org/security/2012/dsa-2438 - () http://www.debian.org/security/2012/dsa-2438 - Third Party Advisory
References () http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml - () http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml - Third Party Advisory
References () http://www.mandriva.com/security/advisories?name=MDVSA-2012:061 - () http://www.mandriva.com/security/advisories?name=MDVSA-2012:061 - Broken Link
References () http://www.mandriva.com/security/advisories?name=MDVSA-2012:062 - () http://www.mandriva.com/security/advisories?name=MDVSA-2012:062 - Broken Link
References () http://www.mandriva.com/security/advisories?name=MDVSA-2012:063 - () http://www.mandriva.com/security/advisories?name=MDVSA-2012:063 - Broken Link
References () http://www.openoffice.org/security/cves/CVE-2012-0037.html - () http://www.openoffice.org/security/cves/CVE-2012-0037.html - Mitigation, Patch
References () http://www.openwall.com/lists/oss-security/2012/03/27/4 - () http://www.openwall.com/lists/oss-security/2012/03/27/4 - Exploit, Mailing List
References () http://www.osvdb.org/80307 - () http://www.osvdb.org/80307 - Broken Link
References () http://www.securityfocus.com/bid/52681 - () http://www.securityfocus.com/bid/52681 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id?1026837 - () http://www.securitytracker.com/id?1026837 - Broken Link, Third Party Advisory, VDB Entry
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/74235 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/74235 - Third Party Advisory, VDB Entry
References () https://github.com/dajobe/raptor/commit/a676f235309a59d4aa78eeffd2574ae5d341fcb0 - () https://github.com/dajobe/raptor/commit/a676f235309a59d4aa78eeffd2574ae5d341fcb0 - Patch
References () https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0%40%3Ccommits.openoffice.apache.org%3E - () https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0%40%3Ccommits.openoffice.apache.org%3E - Mailing List, Patch

Information

Published : 2012-06-17 03:41

Updated : 2024-11-21 01:34


NVD link : CVE-2012-0037

Mitre link : CVE-2012-0037

CVE.ORG link : CVE-2012-0037


JSON object : View

Products Affected

fedoraproject

  • fedora

redhat

  • storage
  • enterprise_linux_eus
  • enterprise_linux_workstation
  • storage_for_public_cloud
  • gluster_storage_server_for_on-premise
  • enterprise_linux_server_aus
  • enterprise_linux_server
  • enterprise_linux_desktop

apache

  • openoffice

librdf

  • raptor

debian

  • debian_linux

libreoffice

  • libreoffice
CWE
CWE-611

Improper Restriction of XML External Entity Reference