Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2019.0077
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2019-0077)
Zusammenfassung:	The remote host is missing an update for the 'dom4j' package(s) announced via the MGASA-2019-0077 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'dom4j' package(s) announced via the MGASA-2019-0077 advisory. Vulnerability Insight: dom4j version prior to version 2.1.1 contains an XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appears to be exploitable via an attacker specifying attributes or elements in the XML document (CVE-2018-1000632). Affected Software/OS: 'dom4j' package(s) on Mageia 6. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2018-1000632 https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387 https://github.com/dom4j/dom4j/issues/48 https://security.netapp.com/advisory/ntap-20190530-0001/ https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJULAHVR3I5SX7OSMXAG75IMNSAYOXGA/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOOVVCRQE6ATFD2JM2EMDXOQXTRIVZGP/ https://ihacktoprotect.com/post/dom4j-xml-injection/ https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/security-alerts/cpujul2020.html https://lists.debian.org/debian-lts-announce/2018/09/msg00028.html https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51@%3Cnotifications.freemarker.apache.org%3E https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E https://lists.apache.org/thread.html/5a020ecaa3c701f408f612f7ba2ee37a021644c4a39da2079ed3ddbc@%3Ccommits.maven.apache.org%3E https://lists.apache.org/thread.html/00571f362a7a2470fba50a31282c65637c40d2e21ebe6ee535a4ed74@%3Ccommits.maven.apache.org%3E https://lists.apache.org/thread.html/9d4c1af6f702c3d6d6f229de57112ddccac8ce44446a01b7937ab9e0@%3Ccommits.maven.apache.org%3E https://lists.apache.org/thread.html/4a77652531d62299a30815cf5f233af183425db8e3c9a824a814e768@%3Cdev.maven.apache.org%3E https://lists.apache.org/thread.html/7f6e120e6ed473f4e00dde4c398fc6698eb383bd7857d20513e989ce@%3Cdev.maven.apache.org%3E https://lists.apache.org/thread.html/d7d960b2778e35ec9b4d40c8efd468c7ce7163bcf6489b633491c89f@%3Cdev.maven.apache.org%3E https://lists.apache.org/thread.html/7e9e78f0e4288fac6591992836d2a80d4df19161e54bd71ab4b8e458@%3Cdev.maven.apache.org%3E RedHat Security Advisories: RHSA-2019:0362 https://access.redhat.com/errata/RHSA-2019:0362 RedHat Security Advisories: RHSA-2019:0364 https://access.redhat.com/errata/RHSA-2019:0364 RedHat Security Advisories: RHSA-2019:0365 https://access.redhat.com/errata/RHSA-2019:0365 RedHat Security Advisories: RHSA-2019:0380 https://access.redhat.com/errata/RHSA-2019:0380 RedHat Security Advisories: RHSA-2019:1159 https://access.redhat.com/errata/RHSA-2019:1159 RedHat Security Advisories: RHSA-2019:1160 https://access.redhat.com/errata/RHSA-2019:1160 RedHat Security Advisories: RHSA-2019:1161 https://access.redhat.com/errata/RHSA-2019:1161 RedHat Security Advisories: RHSA-2019:1162 https://access.redhat.com/errata/RHSA-2019:1162 RedHat Security Advisories: RHSA-2019:3172 https://access.redhat.com/errata/RHSA-2019:3172
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.