CVE-2022-25236 - Exposure of Resource to Wrong Sphere

Severity

98%

Complexity

39%

Confidentiality

98%

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

CVSS 3.1 Base Score 9.8. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

First reported 3 years ago

2022-02-16 01:15:00

Last updated 2 years ago

2022-10-07 00:58:00

Affected Software

Oracle HTTP Server 12.2.1.3.0

12.2.1.3.0

References

https://github.com/libexpat/libexpat/pull/561

[oss-security] 20220219 Expat 2.4.5 released, includes 5 security fixes

https://github.com/libexpat/libexpat/pull/561

Patch, Third Party Advisory

[oss-security] 20220219 Expat 2.4.5 released, includes 5 security fixes

Mailing List, Third Party Advisory

DSA-5085

FEDORA-2022-04f206996b

FEDORA-2022-3d9d67f558

https://security.netapp.com/advisory/ntap-20220303-0008/

[debian-lts-announce] 20220307 [SECURITY] [DLA 2935-1] expat security update

http://packetstormsecurity.com/files/167238/Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html

https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf

GLSA-202209-24

http://packetstormsecurity.com/files/167238/Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html

Third Party Advisory, VDB Entry

https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf

Third Party Advisory

GLSA-202209-24

Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.

CVE-2022-25236 - Exposure of Resource to Wrong Sphere

Severity

What is severity?

Complexity

What is complexity?

Confidentiality

What is confidentiality?

Overview

First reported 3 years ago

Last updated 2 years ago

Affected Software

Oracle HTTP Server 12.2.1.3.0

References

https://github.com/libexpat/libexpat/pull/561

[oss-security] 20220219 Expat 2.4.5 released, includes 5 security fixes

https://github.com/libexpat/libexpat/pull/561

[oss-security] 20220219 Expat 2.4.5 released, includes 5 security fixes

DSA-5085

FEDORA-2022-04f206996b

FEDORA-2022-3d9d67f558

https://security.netapp.com/advisory/ntap-20220303-0008/

[debian-lts-announce] 20220307 [SECURITY] [DLA 2935-1] expat security update

DSA-5085

FEDORA-2022-04f206996b

FEDORA-2022-3d9d67f558

https://security.netapp.com/advisory/ntap-20220303-0008/

[debian-lts-announce] 20220307 [SECURITY] [DLA 2935-1] expat security update

https://www.oracle.com/security-alerts/cpuapr2022.html

https://www.oracle.com/security-alerts/cpuapr2022.html

http://packetstormsecurity.com/files/167238/Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html

https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf

GLSA-202209-24

http://packetstormsecurity.com/files/167238/Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html

https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf

GLSA-202209-24

Stay updated

Get in touch