CVE-2015-3451

MEDIUM Year: 2015
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-611
View all →

Vulnerability Description

The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.

Related Vulnerabilities

CVE-2015-9280

CRITICAL
CVSS:10.0(Critical)

MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter.

CWE-6112015

CVE-2017-7664

CRITICAL
CVSS:10.0(Critical)

Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0.

CWE-6112017

CVE-2017-8110

CRITICAL
CVSS:10.0(Critical)

www.modified-shop.org modified eCommerce Shopsoftware 2.0.2.2 rev 10690 has XXE in api/it-recht-kanzlei/api-it-recht-kanzlei.php.

CWE-6112017

CVE-2018-1000124

CRITICAL
CVSS:10.0(Critical)

I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.php(simplexml_load_string) that can result in an attacker reading the c...

CWE-6112018

CVE-2018-1000644

CRITICAL
CVSS:10.0(Critical)

Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External Entity (XXE) vulnerability in RDF4j XML parser parsing RDF files that can result in the disclosure of confidential data, denial of ser...

CWE-6112018

CVE-2018-1000651

CRITICAL
CVSS:10.0(Critical)

Stroom version <5.4.5 contains a XML External Entity (XXE) vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning...

CWE-6112018