CVE-2013-1665
PUBLISHED
CVSS 5 MEDIUM
XML External Entity (XXE) in Django
EPSS 3.00% · 86.8th percentile
Risk Scores
- CVSS 2.0: 5
- EPSS Score: 3.00% (86.8th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PyPI | Django | 1.4.0, 1.3.0 |
| openstack | folsom | |
| openstack | keystone_essex | |
| n/a | n/a | n/a |
Exploit Intelligence
- FILE-OTHER XML exponential entity expansion attack attempt [disabled] (vulnetix)
- FILE-OTHER XML exponential entity expansion attack attempt [disabled] (community-snort)
- USN-1757-1 (circl)
- http://bugs.python.org/issue17239 (circl)
…and 9 more exploits
Timeline
- CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
- Sep 7, 2023 EPSS Score
- Dec 21, 2023 EPSS Score
References
- [oss-security] 20130219 REJECT CVE-2013-0278, CVE-2013-0279 and CVE-2013-0280 mailing-list
- [openstack-announce] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665) mailing-list
- RHSA-2013:0658 vendor-advisory
- [oss-security] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665) mailing-list
- USN-1757-1 vendor-advisory
- RHSA-2013:0657 vendor-advisory
- DSA-2634 vendor-advisory
- http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html url
- RHSA-2013:0670 vendor-advisory
- http://bugs.python.org/issue17239 url
- https://bugs.launchpad.net/keystone/+bug/1100279 url
- https://nvd.nist.gov/vuln/detail/CVE-2013-1665 advisory
- https://github.com/django/django/commit/1c60d07ba23e0350351c278ad28d0bd5aa410b40 url
- https://github.com/django/django/commit/d19a27066b2247102e65412aa66917aff0091112 url