Vulnerability in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 (CVE-2012-3488)

oval:org.cisecurity:def:8213

The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to arbitrary external hosts by leveraging (1) stylesheet commands that are permitted by the libxslt security options or (2) an xslt_process feature, related to an XML External Entity (aka XXE) issue.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows Server 2012
  • Microsoft Windows Vista
  • Microsoft Windows Server 2008
  • Microsoft Windows Server 2003
  • Microsoft Windows 8
  • Microsoft Windows 7
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows 8.1
  • Microsoft Windows Server 2016
  • Microsoft Windows 10
  • Microsoft Windows XP
Class:
vulnerability
Reference(s):
  • CVE-2012-3488
Product(s):
  • PostgreSQL