Vulnerability Details : CVE-2012-6685
Potential exploit
Nokogiri before 1.5.4 is vulnerable to XXE attacks
Vulnerability category: XML external entity (XXE) injection
Products affected by CVE-2012-6685
- cpe:2.3:a:redhat:openshift:2.0:*:*:*:enterprise:*:*:*
- cpe:2.3:a:redhat:subscription_asset_manager:-:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack_foreman:-:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-6685
0.45%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 61 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-6685
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2012-6685
-
The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-6685
-
https://bugzilla.redhat.com/show_bug.cgi?id=1178970
1178970 – (CVE-2012-6685) CVE-2012-6685 rubygem-nokogiri: XML eXternal Entity (XXE) flawIssue Tracking;Third Party Advisory
-
https://nokogiri.org/CHANGELOG.html#154-2012-06-12
Changelog - NokogiriRelease Notes;Vendor Advisory
-
https://github.com/sparklemotion/nokogiri/issues/693
nokogiri vulnerable to XXE attack when used under c ruby · Issue #693 · sparklemotion/nokogiri · GitHubExploit;Issue Tracking;Third Party Advisory
Jump to