Information disclosure in OpenStack Folsom
CVE-2013-1665
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in con…
Vulnerability class: Information Disclosure
EPSS: 0.030 (86.8th percentile)
Affected products
- OpenStack Folsom
- OpenStack Keystone Essex
Weakness classification (CWE)
Public proof-of-concept exploits
References
- [oss-security] 20130219 REJECT CVE-2013-0278, CVE-2013-0279 and CVE-2013-0280 (mailing-list, x_refsource_MLIST)
- [openstack-announce] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665) (Vendor Advisory, mailing-list, x_refsource_MLIST)
- RHSA-2013:0658 (x_refsource_REDHAT, vendor-advisory)
- [oss-security] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665) (mailing-list, x_refsource_MLIST)
- USN-1757-1 (x_refsource_UBUNTU, vendor-advisory)
- RHSA-2013:0657 (x_refsource_REDHAT, vendor-advisory)
- DSA-2634 (vendor-advisory, x_refsource_DEBIAN)
- cve@mitre.org (x_refsource_CONFIRM)
- RHSA-2013:0670 (x_refsource_REDHAT, vendor-advisory)
Frequently asked questions
- What is CVE-2013-1665?
- CVE-2013-1665 is a vulnerability in OpenStack Folsom, classified under Information Disclosure. Published 2013-04-03.
- Is CVE-2013-1665 known to be exploited?
- 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.