Vulnerability Details: CVE-2017-9233
XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.
Vulnerability category: XML external entity (XXE) injection
Products affected by CVE-2017-9233
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
- cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*
Threat overview for CVE-2017-9233
Top countries where our scanners detected CVE-2017-9233
Top open port discovered on systems with this issue: 80
IPs affected by CVE-2017-9233: 43,603
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2017-9233
EPSS score: 0.30% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~66% (the proportion of vulnerabilities scored at or below this score)
CVSS scores for CVE-2017-9233
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST |
CWE ids for CVE-2017-9233
- The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. Assigned by: nvd@nist.gov (Primary)
- The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-9233
- https://support.f5.com/csp/article/K03244804 [Third Party Advisory]
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E [Mailing List; Third Party Advisory]
- https://support.apple.com/HT208112 (About the security content of iOS 11 - Apple Support) [Third Party Advisory]
- http://www.securitytracker.com/id/1039427 (Apple macOS/OS X Multiple Flaws Let Remote and Local Users Bypass Security and Deny Service, Local Users Obtain Potentially Sensitive Information, and Applications Gain Elevated Privileges - SecurityT) [Third Party Advisory; VDB Entry]
- https://github.com/libexpat/libexpat/blob/master/expat/Changes (libexpat/Changes at master · libexpat/libexpat · GitHub) [Release Notes; Third Party Advisory]
- https://support.apple.com/HT208113 (About the security content of tvOS 11 - Apple Support) [Third Party Advisory]
- https://support.apple.com/HT208115 (About the security content of watchOS 4 - Apple Support) [Third Party Advisory]
- https://support.apple.com/HT208144 (About the security content of macOS High Sierra 10.13 - Apple Support) [Third Party Advisory]
- http://www.securityfocus.com/bid/99276 (Expat CVE-2017-9233 XML External Entity Denial of Service Vulnerability) [Third Party Advisory; VDB Entry]
- https://libexpat.github.io/doc/cve-2017-9233/ (CVE-2017-9233 · Expat XML parser) [Exploit; Technical Description; Vendor Advisory]
- http://www.debian.org/security/2017/dsa-3898 (Debian -- Security Information -- DSA-3898-1 expat) [Third Party Advisory]
- http://www.openwall.com/lists/oss-security/2017/06/17/7 (oss-security - Expat 2.2.1 security fixes) [Mailing List; VDB Entry]
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E ([GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8 - Pony Mail) [Mailing List; Third Party Advisory]