CVE-2012-0037 — MEDIUM (6.5)

Q: How severe is CVE-2012-0037?

CVE-2012-0037 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2012-0037?

Check the references section above for vendor advisories and patch information. Affected products include: Librdf Raptor, Libreoffice Libreoffice, Apache Openoffice, Fedoraproject Fedora, Redhat Gluster Storage Server For On-Premise.

Vulnerability Description

Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Librdf	Raptor	< 2.0.7
Libreoffice	Libreoffice	< 3.4.6
Apache	Openoffice	3.3.0
Fedoraproject	Fedora	16
Redhat	Gluster Storage Server For On-Premise	2.0
Redhat	Storage	2.0
Redhat	Storage For Public Cloud	2.0
Redhat	Enterprise Linux Desktop	5.0
Redhat	Enterprise Linux Eus	6.2
Redhat	Enterprise Linux Server	5.0
Redhat	Enterprise Linux Server Aus	6.2
Redhat	Enterprise Linux Workstation	5.0
Debian	Debian Linux	6.0

Related Weaknesses (CWE)

CWE-611

References

http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/Release Notes
http://librdf.org/raptor/RELEASE.html#rel2_0_7Release Notes
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.htmlMailing List
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.htmlMailing List
http://rhn.redhat.com/errata/RHSA-2012-0410.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-0411.htmlThird Party Advisory
http://secunia.com/advisories/48479Broken LinkVendor Advisory
http://secunia.com/advisories/48493Broken LinkVendor Advisory
http://secunia.com/advisories/48494Broken Link
http://secunia.com/advisories/48526Broken LinkVendor Advisory
http://secunia.com/advisories/48529Broken LinkVendor Advisory
http://secunia.com/advisories/48542Broken LinkVendor Advisory
http://secunia.com/advisories/48649Broken Link
http://secunia.com/advisories/50692Broken Link
http://secunia.com/advisories/60799Broken Link

FAQ

What is CVE-2012-0037?

CVE-2012-0037 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read ...

How severe is CVE-2012-0037?

CVE-2012-0037 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2012-0037?

Check the references section above for vendor advisories and patch information. Affected products include: Librdf Raptor, Libreoffice Libreoffice, Apache Openoffice, Fedoraproject Fedora, Redhat Gluster Storage Server For On-Premise.