Executive Summary

Informations
Name CVE-2012-0037 First vendor Publication 2012-06-16
Vendor Cve Last vendor Modification 2024-02-15

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Overall CVSS Score 6.5
Base Score 6.5 Environmental Score 6.5
impact SubScore 3.6 Temporal Score 6.5
Exploitabality Sub Score 2.8
 
Attack Vector Network Attack Complexity Low
Privileges Required None User Interaction Required
Scope Unchanged Confidentiality Impact High
Integrity Impact None Availability Impact None
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Cvss Base Score 4.3 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0037

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-611 Information Leak Through XML External Entity File Disclosure

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:15215
 
Oval ID: oval:org.mitre.oval:def:15215
Title: DSA-2438-1 raptor -- programming error
Description: It was discovered that Raptor, a RDF parser and serializer library, allows file inclusion through XML entities, resulting in information disclosure.
Family: unix Class: patch
Reference(s): DSA-2438-1
CVE-2012-0037
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): raptor
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16854
 
Oval ID: oval:org.mitre.oval:def:16854
Title: USN-1480-1 -- Raptor vulnerability
Description: Applications using Raptor could be made to expose sensitive information or run programs as your login if they opened a specially crafted file.
Family: unix Class: patch
Reference(s): usn-1480-1
CVE-2012-0037
Version: 7
Platform(s): Ubuntu 12.04
Ubuntu 11.04
Ubuntu 11.10
Ubuntu 10.04
Product(s): raptor
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21265
 
Oval ID: oval:org.mitre.oval:def:21265
Title: USN-1901-1 -- raptor2 vulnerability
Description: Applications using Raptor could be made to expose sensitive information or run programs as your login if they opened a specially crafted file.
Family: unix Class: patch
Reference(s): USN-1901-1
CVE-2012-0037
Version: 5
Platform(s): Ubuntu 12.04
Product(s): raptor2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21328
 
Oval ID: oval:org.mitre.oval:def:21328
Title: RHSA-2012:0410: raptor security update (Important)
Description: Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.
Family: unix Class: patch
Reference(s): RHSA-2012:0410-01
CESA-2012:0410
CVE-2012-0037
Version: 4
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): raptor
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21474
 
Oval ID: oval:org.mitre.oval:def:21474
Title: RHSA-2012:0411: openoffice.org security update (Important)
Description: Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.
Family: unix Class: patch
Reference(s): RHSA-2012:0411-01
CESA-2012:0411
CVE-2012-0037
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): openoffice.org
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23158
 
Oval ID: oval:org.mitre.oval:def:23158
Title: ELSA-2012:0411: openoffice.org security update (Important)
Description: Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.
Family: unix Class: patch
Reference(s): ELSA-2012:0411-01
CVE-2012-0037
Version: 6
Platform(s): Oracle Linux 5
Product(s): openoffice.org
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23828
 
Oval ID: oval:org.mitre.oval:def:23828
Title: ELSA-2012:0410: raptor security update (Important)
Description: Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.
Family: unix Class: patch
Reference(s): ELSA-2012:0410-01
CVE-2012-0037
Version: 6
Platform(s): Oracle Linux 6
Product(s): raptor
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27837
 
Oval ID: oval:org.mitre.oval:def:27837
Title: DEPRECATED: ELSA-2012-0410 -- raptor security update (important)
Description: [1.4.18-5.1] - Fixed XML entity expansion that could lead to information disclosure (CVE-2012-0037) Resolves: rhbz#804496
Family: unix Class: patch
Reference(s): ELSA-2012-0410
CVE-2012-0037
Version: 4
Platform(s): Oracle Linux 6
Product(s): raptor
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 2
Application 1
Application 34
Application 1
Application 1
Application 1
Os 1
Os 2
Os 2
Os 1
Os 2
Os 1
Os 2

OpenVAS Exploits

Date Description
2012-09-26 Name : Gentoo Security Advisory GLSA 201209-05 (libreoffice)
File : nvt/glsa_201209_05.nasl
2012-08-30 Name : Fedora Update for raptor FEDORA-2012-10591
File : nvt/gb_fedora_2012_10591_raptor_fc17.nasl
2012-08-30 Name : Fedora Update for raptor2 FEDORA-2012-4629
File : nvt/gb_fedora_2012_4629_raptor2_fc17.nasl
2012-08-03 Name : Fedora Update for raptor FEDORA-2012-10590
File : nvt/gb_fedora_2012_10590_raptor_fc16.nasl
2012-08-03 Name : Mandriva Update for raptor MDVSA-2012:061 (raptor)
File : nvt/gb_mandriva_MDVSA_2012_061.nasl
2012-08-03 Name : Mandriva Update for libreoffice MDVSA-2012:063 (libreoffice)
File : nvt/gb_mandriva_MDVSA_2012_063.nasl
2012-07-30 Name : CentOS Update for raptor CESA-2012:0410 centos6
File : nvt/gb_CESA-2012_0410_raptor_centos6.nasl
2012-07-30 Name : CentOS Update for openoffice.org-base CESA-2012:0411 centos5
File : nvt/gb_CESA-2012_0411_openoffice.org-base_centos5.nasl
2012-07-09 Name : RedHat Update for raptor RHSA-2012:0410-01
File : nvt/gb_RHSA-2012_0410-01_raptor.nasl
2012-06-19 Name : Ubuntu Update for raptor USN-1480-1
File : nvt/gb_ubuntu_USN_1480_1.nasl
2012-04-30 Name : Debian Security Advisory DSA 2438-1 (raptor)
File : nvt/deb_2438_1.nasl
2012-04-30 Name : FreeBSD Ports: raptor2
File : nvt/freebsd_raptor2.nasl
2012-04-13 Name : Fedora Update for raptor2 FEDORA-2012-4663
File : nvt/gb_fedora_2012_4663_raptor2_fc16.nasl

Nessus® Vulnerability Scanner

Date Description
2014-09-01 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201408-19.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-187.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-183.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0410.nasl - Type : ACT_GATHER_INFO
2013-07-09 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1901-1.nasl - Type : ACT_GATHER_INFO
2012-12-14 Name : The remote host has an application installed that is affected by multiple vul...
File : lotus_symphony_3_0_1_fp2.nasl - Type : ACT_GATHER_INFO
2012-09-25 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201209-05.nasl - Type : ACT_GATHER_INFO
2012-09-06 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-063.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120322_raptor_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120322_openoffice_org_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-07-31 Name : The remote Fedora host is missing a security update.
File : fedora_2012-10591.nasl - Type : ACT_GATHER_INFO
2012-07-31 Name : The remote Fedora host is missing a security update.
File : fedora_2012-10590.nasl - Type : ACT_GATHER_INFO
2012-06-19 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1480-1.nasl - Type : ACT_GATHER_INFO
2012-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-061.nasl - Type : ACT_GATHER_INFO
2012-04-13 Name : The remote Fedora host is missing a security update.
File : fedora_2012-4663.nasl - Type : ACT_GATHER_INFO
2012-04-12 Name : The remote host is running an application affected by a data leakage vulnerab...
File : openoffice_2012_0037.nasl - Type : ACT_GATHER_INFO
2012-04-12 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libreoffice-345-120316.nasl - Type : ACT_GATHER_INFO
2012-04-12 Name : The remote host is running an application affected by a data leakage vulnerab...
File : macosx_libreoffice_351.nasl - Type : ACT_GATHER_INFO
2012-04-12 Name : The remote host is running an application affected by a data leakage vulnerab...
File : libreoffice_351.nasl - Type : ACT_GATHER_INFO
2012-04-12 Name : The remote Fedora host is missing a security update.
File : fedora_2012-4629.nasl - Type : ACT_GATHER_INFO
2012-04-03 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_libreoffice-345-8022.nasl - Type : ACT_GATHER_INFO
2012-03-26 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0410.nasl - Type : ACT_GATHER_INFO
2012-03-26 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libraptor-devel-120217.nasl - Type : ACT_GATHER_INFO
2012-03-26 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_60f81af3769011e1942300235a5f2c9a.nasl - Type : ACT_GATHER_INFO
2012-03-26 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0411.nasl - Type : ACT_GATHER_INFO
2012-03-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0411.nasl - Type : ACT_GATHER_INFO
2012-03-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0410.nasl - Type : ACT_GATHER_INFO
2012-03-23 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2438.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/52681
CONFIRM http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/
http://librdf.org/raptor/RELEASE.html#rel2_0_7
http://www.libreoffice.org/advisories/CVE-2012-0037/
http://www.openoffice.org/security/cves/CVE-2012-0037.html
https://github.com/dajobe/raptor/commit/a676f235309a59d4aa78eeffd2574ae5d341fcb0
DEBIAN http://www.debian.org/security/2012/dsa-2438
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.html
GENTOO http://security.gentoo.org/glsa/glsa-201209-05.xml
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2012:061
http://www.mandriva.com/security/advisories?name=MDVSA-2012:062
http://www.mandriva.com/security/advisories?name=MDVSA-2012:063
MISC http://vsecurity.com/resources/advisory/20120324-1/
https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae98...
MLIST http://www.openwall.com/lists/oss-security/2012/03/27/4
OSVDB http://www.osvdb.org/80307
REDHAT http://rhn.redhat.com/errata/RHSA-2012-0410.html
http://rhn.redhat.com/errata/RHSA-2012-0411.html
SECTRACK http://www.securitytracker.com/id?1026837
SECUNIA http://secunia.com/advisories/48479
http://secunia.com/advisories/48493
http://secunia.com/advisories/48494
http://secunia.com/advisories/48526
http://secunia.com/advisories/48529
http://secunia.com/advisories/48542
http://secunia.com/advisories/48649
http://secunia.com/advisories/50692
http://secunia.com/advisories/60799
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/74235

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
Date Informations
2024-02-15 09:28:14
  • Multiple Updates
2023-02-13 09:28:45
  • Multiple Updates
2021-05-04 12:18:55
  • Multiple Updates
2021-04-22 01:22:39
  • Multiple Updates
2020-05-23 01:47:50
  • Multiple Updates
2020-05-23 00:32:33
  • Multiple Updates
2017-08-29 09:23:39
  • Multiple Updates
2016-06-28 18:57:56
  • Multiple Updates
2016-04-26 21:22:50
  • Multiple Updates
2014-11-14 13:27:13
  • Multiple Updates
2014-10-24 13:25:55
  • Multiple Updates
2014-09-02 13:24:31
  • Multiple Updates
2014-06-14 13:32:05
  • Multiple Updates
2014-02-17 11:06:50
  • Multiple Updates
2013-09-03 17:20:21
  • Multiple Updates
2013-05-10 22:30:56
  • Multiple Updates
2013-04-19 13:19:59
  • Multiple Updates