What is CVE-2012-3489?

CVE-2012-3489 is a medium-severity vulnerability in Apple Mac_os_x_server, classified under Improper Restriction of XML External Entity Reference (XXE). CVSS score: 6.5/10. Published 2012-10-03.

How severe is CVE-2012-3489?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Is CVE-2012-3489 known to be exploited?

15 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

XXE in Apple Mac_os_x_server

CVE-2012-3489

The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary…

Vulnerability class: XXE (XML External Entity)

EPSS: 0.010 (76.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

Apple Mac_os_x_server — versions 10.6.8
Postgresql
Canonical Ubuntu_linux — versions 8.04, 10.04, 11.04
Debian Debian_linux — versions 6.0
Opensuse — versions 11.4, 12.1, 12.2
Redhat Enterprise_linux_desktop — versions 5.0, 6.0
Redhat Enterprise_linux_eus — versions 6.3
Redhat Enterprise_linux_server — versions 5.0, 6.0
Redhat Enterprise_linux_workstation — versions 5.0, 6.0
N/a — versions n/a

Weakness classification (CWE)

CWE-611 — Improper Restriction of XML External Entity Reference (XXE)

Public proof-of-concept exploits

References

RHSA-2012:1263 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
55074 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID, Broken Link)
secalert@redhat.com (x_refsource_CONFIRM, Release Notes)
MDVSA-2012:139 (vendor-advisory, x_refsource_MANDRIVA, Broken Link)
USN-1542-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
50718 (x_refsource_SECUNIA, Broken Link, third-party-advisory)
secalert@redhat.com (x_refsource_CONFIRM, Release Notes)
secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Release Notes)
secalert@redhat.com (x_refsource_CONFIRM, Release Notes)

Frequently asked questions

What is CVE-2012-3489?: CVE-2012-3489 is a medium-severity vulnerability in Apple Mac_os_x_server, classified under Improper Restriction of XML External Entity Reference (XXE). CVSS score: 6.5/10. Published 2012-10-03.
How severe is CVE-2012-3489?: Medium severity. CVSS v3 base score is 6.5 out of 10.
Is CVE-2012-3489 known to be exploited?: 15 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.