CVE-2013-1664 — Vulnetix

Try Vulnetix Request Demo

CVE-2013-1664 PUBLISHED CVSS 5 MEDIUM

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.

EPSS 3.94% · 88.2th percentile

Risk Scores

CVSS v2.0

5

EPSS Score

3.94%

88.2th percentile

Affected Products

Vendor	Product	Versions
openstack	grizzly
openstack	compute_\(nova\)_essex
openstack	folsom
openstack	cinder_folsom
openstack	keystone_essex
n/a	n/a	n/a
openstack	compute_\(nova\)_folsom
PyPI	Django	1.4.0, 1.3.0

Timeline

CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score
Oct 22, 2023 EPSS Score
Dec 13, 2023 EPSS Score

References

[oss-security] 20130219 REJECT CVE-2013-0278, CVE-2013-0279 and CVE-2013-0280 mailing-list
[openstack-announce] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665) mailing-list
RHSA-2013:0658 vendor-advisory
[oss-security] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665) mailing-list
USN-1757-1 vendor-advisory
RHSA-2013:0657 vendor-advisory
https://bugs.launchpad.net/nova/+bug/1100282 url
http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html url
RHSA-2013:0670 vendor-advisory
http://bugs.python.org/issue17239 url
https://nvd.nist.gov/vuln/detail/CVE-2013-1664 advisory
https://github.com/django/django/commit/1c60d07ba23e0350351c278ad28d0bd5aa410b40 url
https://github.com/django/django/commit/d19a27066b2247102e65412aa66917aff0091112 url
https://github.com/django/django package

Open in Interactive Console →