CVE-2012-3489
N/A
N/A
Summary
The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://rhn.redhat.com/errata/RHSA-2012-1263.html
- http://www.securityfocus.com/bid/55074
- http://www.postgresql.org/docs/9.0/static/release-9-0-9.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:139
- http://www.ubuntu.com/usn/USN-1542-1
- http://secunia.com/advisories/50718
- http://www.postgresql.org/docs/9.1/static/release-9-1-5.html
- https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_postgresql2
- http://www.postgresql.org/docs/8.4/static/release-8-4-13.html
- http://www.postgresql.org/docs/8.3/static/release-8-3-20.html
- http://www.postgresql.org/about/news/1407/
- http://secunia.com/advisories/50635
- http://www.postgresql.org/support/security/
- http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
- http://secunia.com/advisories/50946
- https://bugzilla.redhat.com/show_bug.cgi?id=849173
- http://www.debian.org/security/2012/dsa-2534
- http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html
- http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html
- http://secunia.com/advisories/50859
- http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html
References
- http://rhn.redhat.com/errata/RHSA-2012-1263.html
- http://www.securityfocus.com/bid/55074
- http://www.postgresql.org/docs/9.0/static/release-9-0-9.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:139
- http://www.ubuntu.com/usn/USN-1542-1
- http://secunia.com/advisories/50718
- http://www.postgresql.org/docs/9.1/static/release-9-1-5.html
- https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_postgresql2
- http://www.postgresql.org/docs/8.4/static/release-8-4-13.html
- http://www.postgresql.org/docs/8.3/static/release-8-3-20.html
- http://www.postgresql.org/about/news/1407/
- http://secunia.com/advisories/50635
- http://www.postgresql.org/support/security/
- http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
- http://secunia.com/advisories/50946
- https://bugzilla.redhat.com/show_bug.cgi?id=849173
- http://www.debian.org/security/2012/dsa-2534
- http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html
- http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html
- http://secunia.com/advisories/50859
- http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.