CVE-2012-3488

Published: Oct 3, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to arbitrary external hosts by leveraging (1) stylesheet commands that are permitted by the libxslt security options or (2) an xslt_process feature, related to an XML External Entity (aka XXE) issue.

Vendor | Product | Versions
n/a | n/a | affected: n/a

References

RHSA-2012:1263 (vendor-advisory, x_refsource_REDHAT)
MDVSA-2012:139 (vendor-advisory, x_refsource_MANDRIVA)
50636 (third-party-advisory, x_refsource_SECUNIA)
USN-1542-1 (vendor-advisory, x_refsource_UBUNTU)
50718 (third-party-advisory, x_refsource_SECUNIA)
50635 (third-party-advisory, x_refsource_SECUNIA)
APPLE-SA-2013-03-14-1 (vendor-advisory, x_refsource_APPLE)
50946 (third-party-advisory, x_refsource_SECUNIA)
55072 (vdb-entry, x_refsource_BID)
DSA-2534 (vendor-advisory, x_refsource_DEBIAN)
RHSA-2012:1264 (vendor-advisory, x_refsource_REDHAT)
openSUSE-SU-2012:1251 (vendor-advisory, x_refsource_SUSE)
openSUSE-SU-2012:1288 (vendor-advisory, x_refsource_SUSE)
50859 (third-party-advisory, x_refsource_SECUNIA)
openSUSE-SU-2012:1299 (vendor-advisory, x_refsource_SUSE)
