Vulnerabilities > CVE-2012-1102 - Unspecified vulnerability in Xml::Atom Project Xml::Atom

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
xml

Summary

It was discovered that the XML::Atom Perl module before version 0.39 did not disable external entities when parsing XML from potentially untrusted sources. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used.

Vulnerable Configurations

Part Description Count
Application
Xml\
46

Seebug

bulletinFamilyexploit
descriptionCVE ID: CVE-2012-1102 XML::Atom是一款Perl模块 XML::Atom模块存在安全漏洞,允许恶意用户获得敏感信息 当解析某些XML数据时存在错误,发送特制的包含外部实体引用的XML数据可获得敏感信息 0 XML::Atom 0.x (module for Perl) 厂商解决方案 XML::Atom 0.39已经修复此漏洞,建议用户下载使用: http://cpansearch.perl.org/src/MIYAGAWA/XML-Atom-0.39/Changes
idSSV:30171
last seen2017-11-19
modified2012-03-06
published2012-03-06
reporterRoot
titlePerl XML::Atom Module XML实体引用信息泄露漏洞