CVE-2014-0191

The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document.

Published: Jan 21, 2015
Updated: Apr 13, 2023
CVE: CVE-2014-0191
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
oracle / fusion_middleware	12.1.3.0.0	12.1.3.0.0.x
oracle / fusion_middleware	11.1.1.7.0	11.1.1.7.0.x
oracle / fusion_middleware	12.1.2.0.0	12.1.2.0.0.x

http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html
http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html
http://rhn.redhat.com/errata/RHSA-2015-0749.html
http://www-01.ibm.com/support/docview.wss?uid=swg21678183
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.securityfocus.com/bid/67233
http://xmlsoft.org/news.html
https://bugzilla.redhat.com/show_bug.cgi?id=1090976
https://exchange.xforce.ibmcloud.com/vulnerabilities/93092
https://git.gnome.org/browse/libxml2/commit/?id=9cd1c3cfbd32655d60572c0a413e017260c854df
https://support.apple.com/kb/HT205030
https://support.apple.com/kb/HT205031

Vulnerability Database

289,784

CVE-2014-0191