Back to bug 1379553
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Doran Moppert | 2016-09-27 06:50:09 UTC | Blocks | 1377998 | |
| Doran Moppert | 2016-09-27 06:52:12 UTC | Depends On | 1379554 | |
| Salvatore Bonaccorso | 2016-11-02 05:41:55 UTC | CC | carnil | |
| Doran Moppert | 2016-11-04 07:16:33 UTC | Alias | CVE-2016-9180 | |
| Doran Moppert | 2016-11-04 07:26:39 UTC | Summary | perl-XML-Twig: expand_external_ents option fails to work as documented | CVE-2016-9180 perl-XML-Twig: expand_external_ents option fails to work as documented |
| Doran Moppert | 2016-11-17 01:33:55 UTC | Whiteboard | impact=moderate,public=20160927,reported=20160927,source=redhat,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:N/A:P,cvss3=7.1/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L,cwe=CWE-611,rhel-7/perl-XML-Twig=affected,rhel-6/perl-XML-Twig=affected,rhel-5/perl-XML-Twig=affected,fedora-all/perl-XML-Twig=affected | impact=moderate,public=20160927,reported=20160927,source=redhat,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:N/A:P,cvss3=7.1/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L,cwe=CWE-611,rhel-7/perl-XML-Twig=wontfix,rhel-6/perl-XML-Twig=wontfix,rhel-5/perl-XML-Twig=wontfix,fedora-all/perl-XML-Twig=affected |
| Doran Moppert | 2016-11-17 02:45:09 UTC | Doc Text | A vulnerability was found in perl-XML-Twig. External entity expansion (XXE) took place regardless of the setting 'expand_external_ents', which was supposed to disable this functionality if set to 0 (the default) or -1. An attacker could craft an XML message which, when processed by an application using perl-XML-Twig, could cause denial of service or, potentially, information disclosure. | |
| Doran Moppert | 2016-11-17 02:47:08 UTC | Status | NEW | CLOSED |
| Resolution | --- | WONTFIX | ||
| Last Closed | 2016-11-16 21:47:08 UTC | |||
| Norman Sardella | 2017-01-25 14:17:52 UTC | CC | sardella | |
| Product Security DevOps Team | 2019-09-29 13:57:05 UTC | Whiteboard | impact=moderate,public=20160927,reported=20160927,source=redhat,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:N/A:P,cvss3=7.1/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L,cwe=CWE-611,rhel-7/perl-XML-Twig=wontfix,rhel-6/perl-XML-Twig=wontfix,rhel-5/perl-XML-Twig=wontfix,fedora-all/perl-XML-Twig=affected |
Back to bug 1379553