Description

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.

INFO

Published Date: April 3, 2013, 12:55 a.m.

Last Modified: May 15, 2013, 3:35 a.m.

Remotely Exploitable: Yes

Impact Score: 2.9

Exploitability Score: 10.0
Public PoC/Exploit Available on GitHub

CVE-2013-1664 has 5 public PoCs/exploits available on GitHub.

Affected Products

The following products are affected by the CVE-2013-1664 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product
1 Openstack folsom
2 Openstack grizzly
3 Openstack cinder_folsom
4 Openstack compute_(nova)_essex
5 Openstack compute_(nova)_folsom
6 Openstack keystone_essex
1 Djangoproject django

We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proofs of concept that have been published on GitHub (sorted by most recently updated).

None

Makefile Python CSS Perl PHP Ruby XSLT

Updated: 1 year, 11 months ago
0 stars 0 fork 0 watcher
Born at: Dec. 7, 2022, 3:24 a.m. This repo has been linked to 5 different CVEs too.

Map Vulnerabilities into Different Layers of the Container Image

Python

Updated: 1 year, 10 months ago
1 stars 0 fork 0 watcher
Born at: Oct. 5, 2022, 12:07 p.m. This repo has been linked to 1276 different CVEs too.

None

Makefile Python Perl PHP Ruby CSS XSLT

Updated: 1 year ago
1 stars 0 fork 0 watcher
Born at: Sept. 28, 2022, 6:24 a.m. This repo has been linked to 5 different CVEs too.

Packaging for defusedxml

Makefile Python Perl PHP Ruby CSS

Updated: 2 years, 5 months ago
0 stars 0 fork 0 watcher
Born at: June 9, 2021, 4:02 p.m. This repo has been linked to 5 different CVEs too.

None

Makefile Python Perl PHP Ruby CSS XSLT

Updated: 2 months ago
402 stars 47 fork 47 watcher
Born at: Feb. 13, 2016, 2:44 p.m. This repo has been linked to 6 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that has mentioned the CVE-2013-1664 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2013-1664 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. The following chart shows the EPSS score history of the vulnerability.
Exploit Prediction

8.96 1.27%

score

0.93986

percentile

CVSS2 - Vulnerability Scoring System
Access Vector
Access Complexity
Authentication
Confidentiality
Integrity
Availability