CVE-2014-0191
CVE-2014-0191 is a vulnerability of currently unknown severity. EPSS estimates an 8.10% chance of exploitation in the next 30 days.
Description
The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Fusion Middleware | 11.1.1.7.0 |
| Oracle | Fusion Middleware | 12.1.2.0.0 |
| Oracle | Fusion Middleware | 12.1.3.0.0 |
References
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html (Patch, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status: Modified
Source: NVD / NIST
