Oval Definition:oval:org.opensuse.security:def:20130340
Revision Date:2023-06-22Version:1
Title:CVE-2013-0340
Description:

expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.
Family:unixClass:vulnerability
Status:Reference(s):Mitre CVE-2013-0340
SUSE CVE-2013-0340
Platform(s):openSUSE Leap 15.4
openSUSE Tumbleweed
SUSE Linux Enterprise Desktop 15 SP4
SUSE Linux Enterprise Desktop 15 SP5
SUSE Linux Enterprise High Performance Computing 15 SP4
SUSE Linux Enterprise High Performance Computing 15 SP5
SUSE Linux Enterprise Module for Basesystem 15 SP4
SUSE Linux Enterprise Module for Basesystem 15 SP5
SUSE Linux Enterprise Server 15 SP4
SUSE Linux Enterprise Server 15 SP5
SUSE Linux Enterprise Server for SAP Applications 15 SP4
SUSE Linux Enterprise Server for SAP Applications 15 SP5
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
Product(s):
Definition Synopsis
  • openSUSE Leap 15.4 is installed
  • AND Package Information
  • expat-2.4.4-150400.2.24 is installed
  • AND expat is signed with openSUSE key
  • OR
  • libexpat1-2.4.4-150400.2.24 is installed
  • AND libexpat1 is signed with openSUSE key
  • OR
  • libexpat1-32bit-2.4.4-150400.2.24 is installed
  • AND libexpat1-32bit is signed with openSUSE key
    • Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • expat-2.4.1-1.2 is installed
  • OR libexpat-devel-2.4.1-1.2 is installed
  • OR libexpat-devel-32bit-2.4.1-1.2 is installed
  • OR libexpat1-2.4.1-1.2 is installed
  • OR libexpat1-32bit-2.4.1-1.2 is installed
  • OR python38-3.8.12-1.2 is installed
  • OR python38-32bit-3.8.12-1.2 is installed
  • OR python38-curses-3.8.12-1.2 is installed
  • OR python38-dbm-3.8.12-1.2 is installed
  • OR python38-idle-3.8.12-1.2 is installed
  • OR python38-tk-3.8.12-1.2 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 SP4 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP4 is installed
  • OR SUSE Linux Enterprise Module for Basesystem 15 SP4 is installed
  • OR SUSE Linux Enterprise Server 15 SP4 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP4 is installed
  • OR SUSE Manager Proxy 4.3 is installed
  • OR SUSE Manager Retail Branch Server 4.3 is installed
  • OR SUSE Manager Server 4.3 is installed
  • AND Package Information
  • expat-2.4.4-150400.2.24 is installed
  • OR libexpat-devel-2.4.4-150400.2.24 is installed
  • OR libexpat1-2.4.4-150400.2.24 is installed
  • OR libexpat1-32bit-2.4.4-150400.2.24 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 SP5 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP5 is installed
  • OR SUSE Linux Enterprise Module for Basesystem 15 SP5 is installed
  • OR SUSE Linux Enterprise Server 15 SP5 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP5 is installed
  • AND Package Information
  • expat-2.4.4-150400.3.12.1 is installed
  • OR libexpat-devel-2.4.4-150400.3.12.1 is installed
  • OR libexpat1-2.4.4-150400.3.12.1 is installed
  • OR libexpat1-32bit-2.4.4-150400.3.12.1 is installed
    • BACK