CVE-2017-7375
PUBLISHED
A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).
Risk Scores
- EPSS Score: 0.44% (63.7th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | libxml2 | 0, 2.9.2+zdfsg1-4, 2.9.2+zdfsg1-4ubuntu1 |
| Ubuntu:14.04:LTS | libxml2 | 2.9.1+dfsg1-3ubuntu2, 2.9.1+dfsg1-3ubuntu3, 2.9.1+dfsg1-3ubuntu4 |
Exploit Intelligence
- Supervisord remote command execution vulnerability script (github-poc)
- Standalone Python ≥3.6 RCE Unauthenticated exploit for Supervisor 3.0a1 to 3.3.2 (github-poc)
…and 25 more exploits
Timeline
- Jun 21, 2017 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-7375 third-party-advisory
- https://ubuntu.com/security/notices/USN-3424-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-3424-2 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-7375 third-party-advisory