Vulnerabilities > CVE-2012-1102 - XXE vulnerability in Xml::Atom Project Xml::Atom
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
It was discovered that the XML::Atom Perl module before version 0.39 did not disable external entities when parsing XML from potentially untrusted sources. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 46 |
Common Weakness Enumeration (CWE)
Seebug
| bulletinFamily | exploit |
| description | CVE ID: CVE-2012-1102 XML::Atom是一款Perl模块 XML::Atom模块存在安全漏洞,允许恶意用户获得敏感信息 当解析某些XML数据时存在错误,发送特制的包含外部实体引用的XML数据可获得敏感信息 0 XML::Atom 0.x (module for Perl) 厂商解决方案 XML::Atom 0.39已经修复此漏洞,建议用户下载使用: http://cpansearch.perl.org/src/MIYAGAWA/XML-Atom-0.39/Changes |
| id | SSV:30171 |
| last seen | 2017-11-19 |
| modified | 2012-03-06 |
| published | 2012-03-06 |
| reporter | Root |
| title | Perl XML::Atom Module XML实体引用信息泄露漏洞 |