CVE-2013-1664
PUBLISHED
CVSS 5 MEDIUM
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.
EPSS 3.94% · 88.6th percentile
Risk Scores
- CVSS 2.0: 5
- EPSS Score: 3.94% (88.6th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| openstack | grizzly | |
| openstack | compute_(nova)_essex | |
| openstack | folsom | |
| Oracle Cloud | compute | |
| openstack | cinder_folsom | |
| openstack | keystone_essex | |
| n/a | n/a | n/a |
| openstack | compute_(nova)_folsom | |
| GCP | compute | |
| PyPI | Django | 1.4.0, 1.3.0 |
Exploit Intelligence
- FILE-OTHER XML exponential entity expansion attack attempt [disabled] (vulnetix)
- https://bugs.launchpad.net/nova/+bug/1100282 (nist-nvd)
- FILE-OTHER XML exponential entity expansion attack attempt [disabled] (community-snort)
- [oss-security] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665) (circl)
…and 8 more exploits
Timeline
- CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
- Oct 29, 2023 EPSS Score
- Dec 19, 2023 EPSS Score
References
- [oss-security] 20130219 REJECT CVE-2013-0278, CVE-2013-0279 and CVE-2013-0280 mailing-list
- [openstack-announce] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665) mailing-list
- RHSA-2013:0658 vendor-advisory
- [oss-security] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665) mailing-list
- USN-1757-1 vendor-advisory
- RHSA-2013:0657 vendor-advisory
- https://bugs.launchpad.net/nova/+bug/1100282 url
- http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html url
- RHSA-2013:0670 vendor-advisory
- http://bugs.python.org/issue17239 url
- https://nvd.nist.gov/vuln/detail/CVE-2013-1664 advisory
- https://github.com/django/django/commit/1c60d07ba23e0350351c278ad28d0bd5aa410b40 url
- https://github.com/django/django/commit/d19a27066b2247102e65412aa66917aff0091112 url
- https://github.com/django/django package