CVE-2019-9628 - Improper Handling of Exceptional Conditions vulnerability in multiple products

CVSS 7.5 - HIGH

  • Attack vector: NETWORK
  • Attack complexity: LOW
  • Privileges required: NONE
  • Confidentiality impact: NONE
  • Integrity impact: NONE
  • Availability impact: HIGH

network, low complexity, xmltooling-project, canonical, opensuse, CWE-755, nessus

Summary

The XMLTooling library, in all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that is not handled properly in the parser class, so an unexpected exception type propagates.

Nessus

  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-4407.NASL
    description: Ross Geerlings discovered that the XMLTooling library didn
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 122794
    published: 2019-03-13
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/122794
    title: Debian DSA-4407-1 : xmltooling - security update
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-1710.NASL
    description: Ross Geerlings discovered that the XMLTooling library didn
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 122825
    published: 2019-03-14
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/122825
    title: Debian DLA-1710-1 : xmltooling security update
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-0929-1.NASL
    description: This update for xmltooling fixes the following issues: Security issue fixed: CVE-2019-9628: Fixed an improper handling of exception in XMLTooling library which could result in denial of service against the application using XMLTooling (bsc#1129537). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 123998
    published: 2019-04-11
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/123998
    title: SUSE SLES15 Security Update : xmltooling (SUSE-SU-2019:0929-1)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-3921-1.NASL
    description: It was discovered that XMLTooling incorrectly handled certain XML files with invalid data. An attacker could use this issue to cause XMLTooling to crash, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 123414
    published: 2019-03-27
    reporter: Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/123414
    title: Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : XMLTooling vulnerability (USN-3921-1)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-0928-1.NASL
    description: This update for xmltooling fixes the following issue: Security issue fixed: CVE-2019-9628: Fixed an improper handling of exception in XMLTooling library which could result in denial of service against the application using XMLTooling (bsc#1129537). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 123997
    published: 2019-04-11
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/123997
    title: SUSE SLES12 Security Update : xmltooling (SUSE-SU-2019:0928-1)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2019-1276.NASL
    description: This update for xmltooling fixes the following issue: Security issue fixed: CVE-2019-9628: Fixed an improper handling of exception in XMLTooling library which could result in denial of service against the application using XMLTooling (bsc#1129537). This update was imported from the SUSE:SLE-12-SP1:Update update project.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 124313
    published: 2019-04-26
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124313
    title: openSUSE Security Update : xmltooling (openSUSE-2019-1276)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2019-1235.NASL
    description: This update for xmltooling fixes the following issues: Security issue fixed: CVE-2019-9628: Fixed an improper handling of exception in XMLTooling library which could result in denial of service against the application using XMLTooling (bsc#1129537). This update was imported from the SUSE:SLE-15:Update update project.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 124186
    published: 2019-04-19
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124186
    title: openSUSE Security Update : xmltooling (openSUSE-2019-1235)