Home > Vulnerability Database > CVE-2014-0191

Mend.io Vulnerability Database

CVE-2014-0191

Good to know:

Date: January 20, 2015

The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document.

Language: C

Severity Score

3.7

Related Resources (19)

Url: http://xmlsoft.org/news.html

Url: http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

Url: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2014-0191

Url: http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html

Url: https://git.gnome.org/browse/libxml2/commit/?id=9cd1c3cfbd32655d60572c0a413e017260c854df

Url: https://support.apple.com/kb/HT205031

Url: https://support.apple.com/kb/HT205030

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2014-0191

Url: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

Url: https://access.redhat.com/security/cve/CVE-2014-0191

Url: http://www-01.ibm.com/support/docview.wss?uid=swg21678183

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/93092

Url: https://security-tracker.debian.org/tracker/CVE-2014-0191

Url: http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html

Url: http://rhn.redhat.com/errata/RHSA-2015-0749.html

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1090976

Url: http://www.securityfocus.com/bid/67233

Url: https://www.mend.io/vulnerability-database/CVE-2014-0191

Severity Score

3.7

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

Top Fix

Upgrade Version

Upgrade to version 2.9.2

Learn More

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2014-0191

Good to know:

Date: January 20, 2015

Language: C

Severity Score

Related Resources (19)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?