CVE-2013-1665

{"id": "CVE-2013-1665", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-04-03T00:55:02.207", "references": [{"url": "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html", "source": "cve@mitre.org"}, {"url": "http://bugs.python.org/issue17239", "source": "cve@mitre.org"}, {"url": "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0657.html", "source": "cve@mitre.org"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0658.html", "source": "cve@mitre.org"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0670.html", "source": "cve@mitre.org"}, {"url": "http://ubuntu.com/usn/usn-1757-1", "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2013/dsa-2634", "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2013/02/19/2", "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2013/02/19/4", "source": "cve@mitre.org"}, {"url": "https://bugs.launchpad.net/keystone/+bug/1100279", "tags": ["Patch"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack."}, {"lang": "es", "value": "OpenStack Keystone Essex y Folsom permite a atacantes remotos leer ficheros arbitrarios a trav\u00e9s de la declaraci\u00f3n de una entidad externa XML junto con una referencia entidad, tambi\u00e9n conocido como un ataque XML External Entity (XXE)."}], "lastModified": "2013-05-15T03:35:51.290", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5BA13BC-F088-45AA-AD10-B74F89CE5375"}, {"criteria": "cpe:2.3:a:openstack:keystone_essex:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD5F4534-9D98-4F86-898C-EAFB0C4CEDAC"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}