Description

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.

INFO

Published Date: April 3, 2013, 12:55 a.m.

Last Modified: Nov. 21, 2024, 1:50 a.m.

Remotely Exploitable: Yes

Impact Score: 2.9

Exploitability Score: 10.0

Public PoC/Exploit Available on GitHub

CVE-2013-1664 has 5 public PoCs/exploits available on GitHub.

Affected Products

The following products are affected by the CVE-2013-1664 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, that information is not represented in the table below.

ID Vendor Product
1 Openstack folsom
2 Openstack grizzly
3 Openstack cinder_folsom
4 Openstack compute_(nova)_essex
5 Openstack compute_(nova)_folsom
6 Openstack keystone_essex
1 Djangoproject django

We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proofs of concept that have been published on GitHub (sorted by most recently updated).

None

Makefile Python CSS Perl PHP Ruby XSLT

Updated: 2 years ago
0 stars 0 fork 0 watcher
Born at: Dec. 7, 2022, 3:24 a.m. This repo has also been linked to 5 different CVEs.

Map Vulnerabilities into Different Layers of the Container Image

Python

Updated: 1 year, 11 months ago
1 stars 0 fork 0 watcher
Born at: Oct. 5, 2022, 12:07 p.m. This repo has also been linked to 1276 different CVEs.

None

Makefile Python Perl PHP Ruby CSS XSLT

Updated: 1 year, 2 months ago
1 stars 0 fork 0 watcher
Born at: Sept. 28, 2022, 6:24 a.m. This repo has also been linked to 5 different CVEs.

Packaging for defusedxml

Makefile Python Perl PHP Ruby CSS

Updated: 2 years, 6 months ago
0 stars 0 fork 0 watcher
Born at: June 9, 2021, 4:02 p.m. This repo has also been linked to 5 different CVEs.

None

Makefile Python Perl PHP Ruby CSS XSLT

Updated: 1 month ago
493 stars 50 fork 50 watcher
Born at: Feb. 13, 2016, 2:44 p.m. This repo has also been linked to 6 different CVEs.


The following table lists the changes that have been made to the CVE-2013-1664 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html
    Added Reference http://bugs.python.org/issue17239
    Added Reference http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html
    Added Reference http://rhn.redhat.com/errata/RHSA-2013-0657.html
    Added Reference http://rhn.redhat.com/errata/RHSA-2013-0658.html
    Added Reference http://rhn.redhat.com/errata/RHSA-2013-0670.html
    Added Reference http://ubuntu.com/usn/usn-1757-1
    Added Reference http://www.openwall.com/lists/oss-security/2013/02/19/2
    Added Reference http://www.openwall.com/lists/oss-security/2013/02/19/4
    Added Reference https://bugs.launchpad.net/nova/+bug/1100282
  • CVE Modified by [email protected]

    May. 14, 2024

  • Initial Analysis by [email protected]

    Apr. 03, 2013

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

9.06 0.10%

score

0.94623

percentile

CVSS2 - Vulnerability Scoring System
Metrics: Access Vector, Access Complexity, Authentication, Confidentiality, Integrity, Availability