ID

VAR-201605-0213


CVE

CVE-2016-3705


TITLE

libxml2 of parser.c of xmlParserEntityCheck and xmlParseAttValueComplex Service disruption in functions (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-002776

DESCRIPTION

The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references. libxml2 is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: libxml2 security update Advisory ID: RHSA-2016:1292-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2016:1292 Issue date: 2016-06-23 CVE Names: CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-3627 CVE-2016-3705 CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 ===================================================================== 1. Summary: An update for libxml2 is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or execute arbitrary code with the permissions of the user running the application. (CVE-2016-1834, CVE-2016-1840) Multiple denial of service flaws were found in libxml2. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, could cause that application to crash. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 For the update to take effect, all applications linked to the libxml2 library must be restarted, or the system rebooted. 5. Bugs fixed (https://bugzilla.redhat.com/): 1319829 - CVE-2016-3627 libxml2: stack exhaustion while parsing xml files in recovery mode 1332443 - CVE-2016-3705 libxml2: stack overflow before detecting invalid XML file 1338682 - CVE-2016-1833 libxml2: Heap-based buffer overread in htmlCurrentChar 1338686 - CVE-2016-4447 libxml2: Heap-based buffer underreads due to xmlParseName 1338691 - CVE-2016-1835 libxml2: Heap use-after-free in xmlSAX2AttributeNs 1338696 - CVE-2016-1837 libxml2: Heap use-after-free in htmlPArsePubidLiteral and htmlParseSystemiteral 1338700 - CVE-2016-4448 libxml2: Format string vulnerability 1338701 - CVE-2016-4449 libxml2: Inappropriate fetch of entities content 1338702 - CVE-2016-1836 libxml2: Heap use-after-free in xmlDictComputeFastKey 1338703 - CVE-2016-1839 libxml2: Heap-based buffer overread in xmlDictAddString 1338705 - CVE-2016-1838 libxml2: Heap-based buffer overread in xmlPArserPrintFileContextInternal 1338706 - CVE-2016-1840 libxml2: Heap-buffer-overflow in xmlFAParserPosCharGroup 1338708 - CVE-2016-1834 libxml2: Heap-buffer-overflow in xmlStrncat 1338711 - CVE-2016-1762 libxml2: Heap-based buffer-overread in xmlNextChar 6. Package List: Red Hat Enterprise Linux HPC Node (v. 6): Source: libxml2-2.7.6-21.el6_8.1.src.rpm x86_64: libxml2-2.7.6-21.el6_8.1.i686.rpm libxml2-2.7.6-21.el6_8.1.x86_64.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm libxml2-python-2.7.6-21.el6_8.1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm libxml2-devel-2.7.6-21.el6_8.1.i686.rpm libxml2-devel-2.7.6-21.el6_8.1.x86_64.rpm libxml2-static-2.7.6-21.el6_8.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: libxml2-2.7.6-21.el6_8.1.src.rpm i386: libxml2-2.7.6-21.el6_8.1.i686.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm libxml2-devel-2.7.6-21.el6_8.1.i686.rpm libxml2-python-2.7.6-21.el6_8.1.i686.rpm ppc64: libxml2-2.7.6-21.el6_8.1.ppc.rpm libxml2-2.7.6-21.el6_8.1.ppc64.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.ppc.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.ppc64.rpm libxml2-devel-2.7.6-21.el6_8.1.ppc.rpm libxml2-devel-2.7.6-21.el6_8.1.ppc64.rpm libxml2-python-2.7.6-21.el6_8.1.ppc64.rpm s390x: libxml2-2.7.6-21.el6_8.1.s390.rpm libxml2-2.7.6-21.el6_8.1.s390x.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.s390.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.s390x.rpm libxml2-devel-2.7.6-21.el6_8.1.s390.rpm libxml2-devel-2.7.6-21.el6_8.1.s390x.rpm libxml2-python-2.7.6-21.el6_8.1.s390x.rpm x86_64: libxml2-2.7.6-21.el6_8.1.i686.rpm libxml2-2.7.6-21.el6_8.1.x86_64.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm libxml2-devel-2.7.6-21.el6_8.1.i686.rpm libxml2-devel-2.7.6-21.el6_8.1.x86_64.rpm libxml2-python-2.7.6-21.el6_8.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm libxml2-static-2.7.6-21.el6_8.1.i686.rpm ppc64: libxml2-debuginfo-2.7.6-21.el6_8.1.ppc64.rpm libxml2-static-2.7.6-21.el6_8.1.ppc64.rpm s390x: libxml2-debuginfo-2.7.6-21.el6_8.1.s390x.rpm libxml2-static-2.7.6-21.el6_8.1.s390x.rpm x86_64: libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm libxml2-static-2.7.6-21.el6_8.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: libxml2-2.7.6-21.el6_8.1.src.rpm i386: libxml2-2.7.6-21.el6_8.1.i686.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm libxml2-devel-2.7.6-21.el6_8.1.i686.rpm libxml2-python-2.7.6-21.el6_8.1.i686.rpm x86_64: libxml2-2.7.6-21.el6_8.1.i686.rpm libxml2-2.7.6-21.el6_8.1.x86_64.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm libxml2-devel-2.7.6-21.el6_8.1.i686.rpm libxml2-devel-2.7.6-21.el6_8.1.x86_64.rpm libxml2-python-2.7.6-21.el6_8.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm libxml2-static-2.7.6-21.el6_8.1.i686.rpm x86_64: libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm libxml2-static-2.7.6-21.el6_8.1.x86_64.rpm Red Hat Enterprise Linux Client (v. 7): Source: libxml2-2.9.1-6.el7_2.3.src.rpm x86_64: libxml2-2.9.1-6.el7_2.3.i686.rpm libxml2-2.9.1-6.el7_2.3.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm libxml2-devel-2.9.1-6.el7_2.3.i686.rpm libxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm libxml2-static-2.9.1-6.el7_2.3.i686.rpm libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: libxml2-2.9.1-6.el7_2.3.src.rpm x86_64: libxml2-2.9.1-6.el7_2.3.i686.rpm libxml2-2.9.1-6.el7_2.3.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm libxml2-devel-2.9.1-6.el7_2.3.i686.rpm libxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm libxml2-static-2.9.1-6.el7_2.3.i686.rpm libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: libxml2-2.9.1-6.el7_2.3.src.rpm ppc64: libxml2-2.9.1-6.el7_2.3.ppc.rpm libxml2-2.9.1-6.el7_2.3.ppc64.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.ppc.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.ppc64.rpm libxml2-devel-2.9.1-6.el7_2.3.ppc.rpm libxml2-devel-2.9.1-6.el7_2.3.ppc64.rpm libxml2-python-2.9.1-6.el7_2.3.ppc64.rpm ppc64le: libxml2-2.9.1-6.el7_2.3.ppc64le.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.ppc64le.rpm libxml2-devel-2.9.1-6.el7_2.3.ppc64le.rpm libxml2-python-2.9.1-6.el7_2.3.ppc64le.rpm s390x: libxml2-2.9.1-6.el7_2.3.s390.rpm libxml2-2.9.1-6.el7_2.3.s390x.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.s390.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.s390x.rpm libxml2-devel-2.9.1-6.el7_2.3.s390.rpm libxml2-devel-2.9.1-6.el7_2.3.s390x.rpm libxml2-python-2.9.1-6.el7_2.3.s390x.rpm x86_64: libxml2-2.9.1-6.el7_2.3.i686.rpm libxml2-2.9.1-6.el7_2.3.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm libxml2-devel-2.9.1-6.el7_2.3.i686.rpm libxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: libxml2-debuginfo-2.9.1-6.el7_2.3.ppc.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.ppc64.rpm libxml2-static-2.9.1-6.el7_2.3.ppc.rpm libxml2-static-2.9.1-6.el7_2.3.ppc64.rpm ppc64le: libxml2-debuginfo-2.9.1-6.el7_2.3.ppc64le.rpm libxml2-static-2.9.1-6.el7_2.3.ppc64le.rpm s390x: libxml2-debuginfo-2.9.1-6.el7_2.3.s390.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.s390x.rpm libxml2-static-2.9.1-6.el7_2.3.s390.rpm libxml2-static-2.9.1-6.el7_2.3.s390x.rpm x86_64: libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm libxml2-static-2.9.1-6.el7_2.3.i686.rpm libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: libxml2-2.9.1-6.el7_2.3.src.rpm x86_64: libxml2-2.9.1-6.el7_2.3.i686.rpm libxml2-2.9.1-6.el7_2.3.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm libxml2-devel-2.9.1-6.el7_2.3.i686.rpm libxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm libxml2-static-2.9.1-6.el7_2.3.i686.rpm libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-1762 https://access.redhat.com/security/cve/CVE-2016-1833 https://access.redhat.com/security/cve/CVE-2016-1834 https://access.redhat.com/security/cve/CVE-2016-1835 https://access.redhat.com/security/cve/CVE-2016-1836 https://access.redhat.com/security/cve/CVE-2016-1837 https://access.redhat.com/security/cve/CVE-2016-1838 https://access.redhat.com/security/cve/CVE-2016-1839 https://access.redhat.com/security/cve/CVE-2016-1840 https://access.redhat.com/security/cve/CVE-2016-3627 https://access.redhat.com/security/cve/CVE-2016-3705 https://access.redhat.com/security/cve/CVE-2016-4447 https://access.redhat.com/security/cve/CVE-2016-4448 https://access.redhat.com/security/cve/CVE-2016-4449 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXa8B8XlSAg2UNWIIRAh9ZAJ99xgPhOaIopIxmynm+vlDcmw4jFACeLvTm ZsVLEgJAF0Zt6xZVzqvVW7U= =fREV -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201701-37 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: libxml2: Multiple vulnerabilities Date: January 16, 2017 Bugs: #564776, #566374, #572878, #573820, #577998, #582538, #582540, #583888, #589816, #597112, #597114, #597116 ID: 201701-37 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in libxml2, the worst of which could lead to the execution of arbitrary code. Background ========== libxml2 is the XML (eXtended Markup Language) C parser and toolkit initially developed for the Gnome project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/libxml2 < 2.9.4-r1 >= 2.9.4-r1 Description =========== Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All libxml2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.9.4-r1" References ========== [ 1 ] CVE-2015-1819 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1819 [ 2 ] CVE-2015-5312 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5312 [ 3 ] CVE-2015-7497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7497 [ 4 ] CVE-2015-7498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7498 [ 5 ] CVE-2015-7499 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7499 [ 6 ] CVE-2015-7500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7500 [ 7 ] CVE-2015-7941 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7941 [ 8 ] CVE-2015-7942 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7942 [ 9 ] CVE-2015-8035 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8035 [ 10 ] CVE-2015-8242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8242 [ 11 ] CVE-2015-8806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8806 [ 12 ] CVE-2016-1836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1836 [ 13 ] CVE-2016-1838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1838 [ 14 ] CVE-2016-1839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1839 [ 15 ] CVE-2016-1840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1840 [ 16 ] CVE-2016-2073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2073 [ 17 ] CVE-2016-3627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3627 [ 18 ] CVE-2016-3705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3705 [ 19 ] CVE-2016-4483 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4483 [ 20 ] CVE-2016-4658 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4658 [ 21 ] CVE-2016-5131 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5131 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201701-37 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <5755B7E3.5040103@canonical.com> Subject: [USN-2994-1] libxml2 vulnerabilities ============================================================================ Ubuntu Security Notice USN-2994-1 June 06, 2016 libxml2 vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS - Ubuntu 15.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Several security issues were fixed in libxml2. (CVE-2015-8806, CVE-2016-2073, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447) It was discovered that libxml2 incorrectly handled certain malformed documents. (CVE-2016-1762, CVE-2016-1834) Mateusz Jurczyk discovered that libxml2 incorrectly handled certain malformed documents. (CVE-2016-1833, CVE-2016-1838, CVE-2016-1839) Wei Lei and Liu Yang discovered that libxml2 incorrectly handled certain malformed documents. (CVE-2016-1835, CVE-2016-1837) Wei Lei and Liu Yang discovered that libxml2 incorrectly handled certain malformed documents. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-1836) Kostya Serebryany discovered that libxml2 incorrectly handled certain malformed documents. (CVE-2016-1840) It was discovered that libxml2 would load certain XML external entities. (CVE-2016-4449) Gustavo Grieco discovered that libxml2 incorrectly handled certain malformed documents. (CVE-2016-4483) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: libxml2 2.9.3+dfsg1-1ubuntu0.1 Ubuntu 15.10: libxml2 2.9.2+zdfsg1-4ubuntu0.4 Ubuntu 14.04 LTS: libxml2 2.9.1+dfsg1-3ubuntu4.8 Ubuntu 12.04 LTS: libxml2 2.7.8.dfsg-5.1ubuntu4.15 After a standard system update you need to reboot your computer to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n a-c05157239 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05157239 Version: 2 HPSBGN03617 rev.2 - HPE IceWall Federation Agent and IceWall File Manager using libXML2 library, Remote Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2016-06-09 Last Updated: 2016-06-09 Potential Security Impact: Remote Denial of Service (DoS) Source: Hewlett Packard Enterprise, Product Security Response Team VULNERABILITY SUMMARY Security vulnerabilities in the libXML2 library could potentially impact HPE IceWall Federation Agent and IceWall File Manager resulting in Remote Denial of Service (DoS). References: - CVE-2016-3627 - CVE-2016-3705 - PSRT110132 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. - IceWall Federation Agent 3.0 using libXML2 - IceWall File Manager 3.0 using libXML2 BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2016-3627 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2016-3705 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HPE recommends applying the latest OS vendor security patches for libXML2 to resolve the vulnerabilities in the libXML2 library. HISTORY Version:1 (rev.1) - 9 June 2016 Initial release Version:2 (rev.2) - 9 June 2016 Corrected content Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability with any HPE supported product, send Email to: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2016 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. For the stable distribution (jessie), these problems have been fixed in version 2.9.1+dfsg1-5+deb8u2. Description: This release of Red Hat JBoss Core Services httpd 2.4.23 serves as a replacement for JBoss Core Services Apache HTTP Server 2.4.6. Security Fix(es): * This update fixes several flaws in OpenSSL. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483) * This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420, CVE-2016-7141) * This update fixes two flaws in httpd. (CVE-2014-3523, CVE-2015-3185) * This update fixes two flaws in mod_cluster. (CVE-2016-4459, CVE-2016-8612) * A buffer overflow flaw when concatenating virtual host names and URIs was fixed in mod_jk. (CVE-2016-6808) * A memory leak flaw was fixed in expat. Upstream acknowledges Stephen Henson (OpenSSL development team) as the original reporter of CVE-2015-0286; Huzaifa Sidhpurwala (Red Hat), Hanno BAPck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2105, CVE-2016-2106, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842; Juraj Somorovsky as the original reporter of CVE-2016-2107; Yuval Yarom (University of Adelaide and NICTA), Daniel Genkin (Technion and Tel Aviv University), and Nadia Heninger (University of Pennsylvania) as the original reporters of CVE-2016-0702; and Adam Langley (Google/BoringSSL) as the original reporter of CVE-2016-0705. See the corresponding CVE pages linked to in the References section for more information about each of the flaws listed in this advisory. Solution: The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files). After installing the updated packages, the httpd daemon will be restarted automatically. JIRA issues fixed (https://issues.jboss.org/): JBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0] JBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service 6

Trust: 2.52

sources: NVD: CVE-2016-3705 // JVNDB: JVNDB-2016-002776 // BID: 89854 // VULMON: CVE-2016-3705 // PACKETSTORM: 137613 // PACKETSTORM: 140533 // PACKETSTORM: 137335 // PACKETSTORM: 137410 // PACKETSTORM: 137298 // PACKETSTORM: 140182

AFFECTED PRODUCTS

vendor:xmlsoftmodel:libxml2scope:eqversion:2.9.3

Trust: 2.1

vendor:hpmodel:icewall file managerscope:eqversion:3.0

Trust: 1.9

vendor:hpmodel:icewall federation agentscope:eqversion:3.0

Trust: 1.9

vendor:opensusemodel:leapscope:eqversion:42.1

Trust: 1.8

vendor:canonicalmodel:ubuntu linuxscope:eqversion:12.04

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:14.04

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:15.10

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:16.04

Trust: 1.0

vendor:canonicalmodel:ubuntuscope:eqversion:12.04 lts

Trust: 0.8

vendor:canonicalmodel:ubuntuscope:eqversion:14.04 lts

Trust: 0.8

vendor:canonicalmodel:ubuntuscope:eqversion:15.10

Trust: 0.8

vendor:canonicalmodel:ubuntuscope:eqversion:16.04 lts

Trust: 0.8

vendor:debianmodel:gnu/linuxscope:eqversion:8.0

Trust: 0.8

vendor:hewlett packardmodel:icewall federation agentscope:eqversion:3.0

Trust: 0.8

vendor:hewlett packardmodel:icewall file managerscope:eqversion:3.0

Trust: 0.8

vendor:novellmodel:leapscope:eqversion:42.1

Trust: 0.6

vendor:xmlsoftmodel:libxml2scope:eqversion:2.3.10

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.7.2

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.6

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:7.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.211

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6

Trust: 0.3

vendor:oraclemodel:linuxscope:eqversion:7

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.6

Trust: 0.3

vendor:ibmmodel:infosphere streamsscope:eqversion:1.2

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.6.2.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.13

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.6.2.0

Trust: 0.3

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.0.5

Trust: 0.3

vendor:ibmmodel:security network protectionscope:neversion:5.3.2.4

Trust: 0.3

vendor:bluecoatmodel:advanced secure gatewayscope:eqversion:6.6

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.2.6

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.32

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:8.0.0.4

Trust: 0.3

vendor:ibmmodel:powerkvmscope:eqversion:3.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.1.0.410

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.7.3

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:2.24

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:neversion:7.7

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.1.7

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.14

Trust: 0.3

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.0.3

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.9

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.219

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.1.0

Trust: 0.3

vendor:ibmmodel:cognos business intelligence serverscope:eqversion:10.1.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fiscope:eqversion:2.2.0.4

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.0

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:8.0.1.1

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.2

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.7.1

Trust: 0.3

vendor:junipermodel:junos space 15.1f2scope: - version: -

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.25

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.22

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.3.4.0

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.30

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.3.12

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.402

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.8.6

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.3.8

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.6.2.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:2.36

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.1.5

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.4

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.5.2.10

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.5.0

Trust: 0.3

vendor:junipermodel:junos space 15.1r2.11scope: - version: -

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.18

Trust: 0.3

vendor:ibmmodel:infosphere streamsscope:eqversion:2.0

Trust: 0.3

vendor:ibmmodel:cognos business intelligence serverscope:eqversion:10.2.1

Trust: 0.3

vendor:ibmmodel:infosphere streamsscope:eqversion:3.2.1.2

Trust: 0.3

vendor:bluecoatmodel:authconnectorscope:eqversion:2.5

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:2.44

Trust: 0.3

vendor:ibmmodel:infosphere streamsscope:eqversion:4.1.1.0

Trust: 0.3

vendor:mcafeemodel:email gateway 7.6.2h968406scope: - version: -

Trust: 0.3

vendor:ibmmodel:infosphere streamsscope:eqversion:4.0.0.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:2.46

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.7

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.2.2

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.28

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.9

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:2.26

Trust: 0.3

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.0.2

Trust: 0.3

vendor:ibmmodel:infosphere streamsscope:eqversion:3.0.0.5

Trust: 0.3

vendor:ibmmodel:infosphere streamsscope:eqversion:3.1.0.3

Trust: 0.3

vendor:ibmmodel:sametime media serverscope:eqversion:9.0

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.14

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.405

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.24

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:8.0.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.2.4

Trust: 0.3

vendor:oraclemodel:vm server forscope:eqversion:x863.3

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:8.03

Trust: 0.3

vendor:junipermodel:junos spacescope:eqversion:12.3

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.42

Trust: 0.3

vendor:ibmmodel:infosphere streamsscope:eqversion:2.0.0.4

Trust: 0.3

vendor:ibmmodel:infosphere streamsscope:eqversion:1.2.1.0

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.3.6

Trust: 0.3

vendor:junipermodel:junos space 15.2r1scope: - version: -

Trust: 0.3

vendor:oraclemodel:linuxscope:eqversion:6

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.5.8

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.16

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.29

Trust: 0.3

vendor:ibmmodel:powerkvmscope:eqversion:2.1

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.2.0.3

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.5.2.8

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.7.2

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.7

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.2.08

Trust: 0.3

vendor:ibmmodel:integrated management module ii for flex systems 1aooscope: - version: -

Trust: 0.3

vendor:ibmmodel:infosphere streamsscope:eqversion:3.2.1.4

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.3

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.4.0.4

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.2.10

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.3.14

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.21

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.2.7

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.1

Trust: 0.3

vendor:ibmmodel:cognos business intelligence serverscope:eqversion:10.2.11

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.1.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.25

Trust: 0.3

vendor:ibmmodel:infosphere streamsscope:eqversion:3.0.0.4

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.1.08

Trust: 0.3

vendor:ibmmodel:infosphere streamsscope:eqversion:3.2.1.3

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.8.1

Trust: 0.3

vendor:bluecoatmodel:security analytics platformscope:eqversion:7.0

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.5.4

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.4.0.3

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.8.4

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.213

Trust: 0.3

vendor:ibmmodel:infosphere streamsscope:eqversion:3.1.0.7

Trust: 0.3

vendor:ibmmodel:infosphere streamsscope:eqversion:4.0.1.0

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.2.3

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:3.22

Trust: 0.3

vendor:ibmmodel:infosphere streamsscope:eqversion:3.2.1.5

Trust: 0.3

vendor:bluecoatmodel:industrial control system protectionscope:eqversion:5.3

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.404

Trust: 0.3

vendor:ibmmodel:rackswitch g8124/g8124-escope:eqversion:7.11.7.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry fixpackscope:eqversion:3.2.0.413

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fixpacscope:eqversion:3.1

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.1

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.2

Trust: 0.3

vendor:ibmmodel:security guardiumscope:eqversion:10.0.1

Trust: 0.3

vendor:ibmmodel:rackswitch g8332scope:eqversion:7.7.23.0

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.28

Trust: 0.3

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.0.1

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:8.0.0.5

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.3

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.401

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.1.8

Trust: 0.3

vendor:mcafeemodel:email gateway 7.6.405h1165239scope: - version: -

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.3.5

Trust: 0.3

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.0.4

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.8

Trust: 0.3

vendor:ibmmodel:infosphere streamsscope:eqversion:3.1.0.6

Trust: 0.3

vendor:ibmmodel:infosphere streamsscope:eqversion:3.0.0.2

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.2.0.8

Trust: 0.3

vendor:ibmmodel:security privileged identity manager fixpackscope:neversion:2.0.28

Trust: 0.3

vendor:ibmmodel:infosphere streamsscope:eqversion:4.0.1.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.32

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:8.0.1.3

Trust: 0.3

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.1.2

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:neversion:7.5.2.11

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.2.0.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.26

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.2.3

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.9.2

Trust: 0.3

vendor:bluecoatmodel:norman network protectionscope:eqversion:5.3

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:2.4.0

Trust: 0.3

vendor:ibmmodel:rackswitch g8124/g8124-escope:eqversion:7.9.17.0

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.5.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:2.34

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.10

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.3.4

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.26

Trust: 0.3

vendor:ibmmodel:rackswitch g8052scope:eqversion:7.11.7.0

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.18

Trust: 0.3

vendor:junipermodel:junos spacescope:eqversion:13.3

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.0

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.3.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry fixpackscope:eqversion:3.1.0.412

Trust: 0.3

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.1.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.7.6

Trust: 0.3

vendor:ibmmodel:rackswitch g8264tscope:eqversion:7.9.17.0

Trust: 0.3

vendor:ibmmodel:infosphere streamsscope:eqversion:3.1.0.8

Trust: 0.3

vendor:junipermodel:junos space 15.2r2scope: - version: -

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.6.2.3

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.17

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.0.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.21

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.2.0.6

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:8.0.0.0

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry jre updatescope:eqversion:2.3.0.35

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.22

Trust: 0.3

vendor:ibmmodel:smartcloud entry fixpackscope:eqversion:2.3.0.33

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.31

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.3.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.218

Trust: 0.3

vendor:ibmmodel:infosphere streamsscope:eqversion:3.0.0.1

Trust: 0.3

vendor:ibmmodel:infosphere streamsscope:eqversion:3.1.0.0

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.3.20

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.5.10

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1

Trust: 0.3

vendor:ibmmodel:security network protectionscope:neversion:5.3.1.10

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.2.0.411

Trust: 0.3

vendor:ibmmodel:infosphere streamsscope:eqversion:3.1.0.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.13

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.8.7

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.2.8

Trust: 0.3

vendor:ibmmodel:rackswitch g8052scope:eqversion:7.9.17.0

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.7.4

Trust: 0.3

vendor:ibmmodel:infosphere streamsscope:eqversion:3.0.0.3

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.3

Trust: 0.3

vendor:ibmmodel:security access managerscope:eqversion:9.0.0.1

Trust: 0.3

vendor:ibmmodel:infosphere streamsscope:eqversion:3.2

Trust: 0.3

vendor:ibmmodel:infosphere streamsscope:eqversion:4.1.1.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.7

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.9

Trust: 0.3

vendor:ibmmodel:security guardiumscope:eqversion:10.1

Trust: 0.3

vendor:ibmmodel:virtual fabric 10gb switch modulescope:eqversion:7.8.10.0

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:2.3.0

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.20

Trust: 0.3

vendor:ibmmodel:security access managerscope:eqversion:9.0.1.0

Trust: 0.3

vendor:ibmmodel:cognos business intelligence serverscope:eqversion:10.2.2

Trust: 0.3

vendor:ibmmodel:rackswitch g8264scope:eqversion:7.11.7.0

Trust: 0.3

vendor:junipermodel:junos space 14.1r1.9scope: - version: -

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.21

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.0.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.214

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.8.14

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.2.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.2.5

Trust: 0.3

vendor:ibmmodel:smartcloud entry fpscope:eqversion:3.19

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.8.9

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:3.1.0.4

Trust: 0.3

vendor:ibmmodel:security privileged identity managerscope:eqversion:2.0

Trust: 0.3

vendor:ibmmodel:integrated management module ii for bladecenter systems 1aooscope: - version: -

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.3

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:8.0.1.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fixpacscope:eqversion:3.2

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.2.0.5

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.403

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.113

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.5.7

Trust: 0.3

vendor:ibmmodel:infosphere streamsscope:eqversion:4.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.3.0.4

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:3.11

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.8.5

Trust: 0.3

vendor:ibmmodel:infosphere streamsscope:eqversion:3.0

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.2.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.110

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.8.10

Trust: 0.3

vendor:ibmmodel:rackswitch g8264scope:eqversion:7.9.17.0

Trust: 0.3

vendor:junipermodel:junos space 16.1r1scope:neversion: -

Trust: 0.3

vendor:ibmmodel:infosphere streamsscope:eqversion:3.0.0.6

Trust: 0.3

vendor:ibmmodel:infosphere streamsscope:eqversion:3.0.0.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry fpscope:eqversion:3.110

Trust: 0.3

vendor:ibmmodel:infosphere streamsscope:eqversion:3.1

Trust: 0.3

vendor:ibmmodel:mq appliance m2001scope: - version: -

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.30

Trust: 0.3

vendor:bluecoatmodel:proxysgscope:eqversion:6.5

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.23

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:3.21

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.2.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.8.3

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.1.1

Trust: 0.3

vendor:bluecoatmodel:security analytics platformscope:eqversion:6.6

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.1.0

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.29

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.22

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.1.6

Trust: 0.3

vendor:ibmmodel:bigfix security compliance analyticsscope:eqversion:1.7

Trust: 0.3

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.1.4

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.11

Trust: 0.3

vendor:ibmmodel:security guardiumscope:eqversion:10.0

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.7.8

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.0.0

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.4

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.3.0.3

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.31

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.0

Trust: 0.3

vendor:ibmmodel:mq appliance m2000scope: - version: -

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.2.0.4

Trust: 0.3

vendor:ibmmodel:rackswitch g8264csscope:eqversion:7.8.14.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.2.0.4

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.27

Trust: 0.3

vendor:junipermodel:junos spacescope:eqversion:12.1

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.3.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.7.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry fixpackscope:eqversion:3.1.0.415

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:neversion:2.9.4

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.11

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fiscope:eqversion:2.4.0.4

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.27

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.1.09

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:3.2.0.4

Trust: 0.3

vendor:ibmmodel:infosphere streamsscope:eqversion:4.0.1.2

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.7.3

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.1.4

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.3.3

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.19

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.7.5

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:8.0.1.2

Trust: 0.3

vendor:ibmmodel:security identity governance and intelligencescope:eqversion:5.2.1

Trust: 0.3

vendor:ibmmodel:infosphere streamsscope:eqversion:3.2.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.2.0.3

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.24

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fix packscope:eqversion:3.12

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.4.0.5

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:2.4.01

Trust: 0.3

vendor:ibmmodel:infosphere streamsscope:eqversion:1.2.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.8.13

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.2.9

Trust: 0.3

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.1.3

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.2.09

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.15

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:8.02

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.9.1

Trust: 0.3

vendor:oraclemodel:vm server forscope:eqversion:x863.4

Trust: 0.3

vendor:ibmmodel:rackswitch g8316scope:eqversion:7.9.17.0

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.2.0

Trust: 0.3

vendor:ibmmodel:infosphere streamsscope:eqversion:3.1.0.4

Trust: 0.3

vendor:ibmmodel:infosphere streamsscope:eqversion:4.0.0.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.23

Trust: 0.3

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.0.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry jre updatescope:eqversion:2.3.0.34

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.8

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.5

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.3.11

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.16

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.20

Trust: 0.3

vendor:junipermodel:junos space 14.1r1scope: - version: -

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.3

Trust: 0.3

vendor:ibmmodel:infosphere streamsscope:eqversion:2.0.0.0

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.3.1

Trust: 0.3

vendor:ibmmodel:smartcloud entry fix packscope:eqversion:3.2.010

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.1.2

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.12

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.2

Trust: 0.3

vendor:ibmmodel:integrated management module ii for system 1aooscope:eqversion:x

Trust: 0.3

vendor:ibmmodel:bigfix security compliance analyticsscope:neversion:1.8

Trust: 0.3

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0.1

Trust: 0.3

vendor:ibmmodel:security access managerscope:eqversion:9.0

Trust: 0.3

vendor:ibmmodel:smartcloud entry jre updatescope:eqversion:2.4.0.55

Trust: 0.3

vendor:bluecoatmodel:directorscope:eqversion:6.1

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:neversion:7.6.2.4

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.4

Trust: 0.3

vendor:ibmmodel:cognos business intelligence serverscope:eqversion:10.2

Trust: 0.3

vendor:mcafeemodel:web gatewayscope:eqversion:7.5.2.9

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.15

Trust: 0.3

vendor:bluecoatmodel:industrial control systems network scannerscope:eqversion:5.3

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.3.13

Trust: 0.3

vendor:ibmmodel:infosphere streamsscope:eqversion:3.1.0.5

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.12

Trust: 0.3

vendor:ibmmodel:smartcloud entry fixpackscope:eqversion:2.4.0.55

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.400

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.5

Trust: 0.3

vendor:junipermodel:junos spacescope:eqversion:1.3

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.3.2

Trust: 0.3

vendor:ibmmodel:smartcloud entry fixpackscope:eqversion:3.2.0.415

Trust: 0.3

vendor:bluecoatmodel:proxysgscope:eqversion:6.6

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:1.7.4

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.17

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.5.11

Trust: 0.3

vendor:ibmmodel:sametime media serverscope:neversion:9.0.1

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.2.0.0

Trust: 0.3

vendor:ibmmodel:infosphere streamsscope:eqversion:3.2.1.1

Trust: 0.3

vendor:ibmmodel:security access manager for mobilescope:eqversion:8.0

Trust: 0.3

vendor:ibmmodel:flex system managerscope:eqversion:1.3.3.0

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.1.9

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:5.3.1.3

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:2.2

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:neversion:7.6.406-3402.103

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.2.0.2

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.4.7

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.3.7

Trust: 0.3

vendor:junipermodel:junos spacescope:eqversion:11.2

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.7.7

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.4

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.2.11

Trust: 0.3

vendor:mcafeemodel:email gateway 7.6.405h1157986scope: - version: -

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fiscope:eqversion:2.3.0.4

Trust: 0.3

vendor:ibmmodel:security access manager for webscope:eqversion:8.0.1.4

Trust: 0.3

vendor:bluecoatmodel:security analytics platformscope:eqversion:7.1

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.5.0.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.1.1

Trust: 0.3

vendor:ibmmodel:infosphere streamsscope:eqversion:4.0.1

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.4

Trust: 0.3

vendor:xmlsoftmodel:libxml2scope:eqversion:2.6.1

Trust: 0.3

sources: BID: 89854 // JVNDB: JVNDB-2016-002776 // CNNVD: CNNVD-201605-100 // NVD: CVE-2016-3705

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-3705
value: HIGH

Trust: 1.0

NVD: CVE-2016-3705
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201605-100
value: HIGH

Trust: 0.6

VULMON: CVE-2016-3705
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-3705
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2016-3705
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULMON: CVE-2016-3705 // JVNDB: JVNDB-2016-002776 // CNNVD: CNNVD-201605-100 // NVD: CVE-2016-3705

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2016-002776 // NVD: CVE-2016-3705

THREAT TYPE

remote

Trust: 0.9

sources: PACKETSTORM: 137613 // PACKETSTORM: 137410 // PACKETSTORM: 137298 // CNNVD: CNNVD-201605-100

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201605-100

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002776

PATCH

title:DSA-3593url:https://www.debian.org/security/2016/dsa-3593

Trust: 0.8

title:Bug 765207url:https://bugzilla.gnome.org/show_bug.cgi?id=765207

Trust: 0.8

title:HPSBGN03617url:https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05157239

Trust: 0.8

title:openSUSE-SU-2016:1298url:https://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html

Trust: 0.8

title:Oracle VM Server for x86 Bulletin - July 2016url:http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

Trust: 0.8

title:Oracle Linux Bulletin - July 2016url:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

Trust: 0.8

title:Oracle Solaris Third Party Bulletin - July 2016url:http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

Trust: 0.8

title:RHSA-2016:1292url:https://access.redhat.com/errata/RHSA-2016:1292

Trust: 0.8

title:TLSA-2016-22url:http://www.turbolinux.co.jp/security/2016/TLSA-2016-22j.html

Trust: 0.8

title:USN-2994-1url:http://www.ubuntu.com/usn/USN-2994-1

Trust: 0.8

title:Top Pagesurl:http://www.xmlsoft.org/

Trust: 0.8

title:Libxml2 Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=61424

Trust: 0.6

title:Red Hat: CVE-2016-3705url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2016-3705

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Releaseurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20162957 - Security Advisory

Trust: 0.1

title:Debian CVElist Bug Report Logs: libxml2: CVE-2016-2073: out-of-bounds read in htmlParseNameComplex()url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=e21c0505f8306f0416606e1a2ec5e18e

Trust: 0.1

title:Ubuntu Security Notice: libxml2 vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2994-1

Trust: 0.1

title:Debian CVElist Bug Report Logs: libxml2: CVE-2016-3705: stack overflow before detecting invalid XML fileurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=ed475d816a8279c18b15a9aac8146ada

Trust: 0.1

title:Debian CVElist Bug Report Logs: libxml2: Heap-buffer overread in libxml2/dict.curl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=1b5e8a6bfa7b3b48920376b728b6bbe2

Trust: 0.1

title:Debian CVElist Bug Report Logs: libxml2: CVE-2016-3627: stack exhaustion in libxml2 parsing xml files in recover modeurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=7ad6e7048d3904deff82dbbe81adf528

Trust: 0.1

title:Debian CVElist Bug Report Logs: libxml2: CVE-2016-4483url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=17d0780fd9f0deb51d01d88ca9e90fe3

Trust: 0.1

title:Amazon Linux AMI: ALAS-2016-719url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2016-719

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=ac5af5dd99788925425f5747ec672707

Trust: 0.1

title:Symantec Security Advisories: SA129 : Multiple libxml2 Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=4306b2beef409e7d3306d20a4621babf

Trust: 0.1

title:Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins&qid=6c15273f6bf4a785175f27073b98a1ce

Trust: 0.1

title:Oracle Linux Bulletins: Oracle Linux Bulletin - July 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=0bd8c924b56aac98dda0f5b45f425f38

Trust: 0.1

title:Tenable Security Advisories: [R7] LCE 4.8.1 Fixes Multiple Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2016-18

Trust: 0.1

sources: VULMON: CVE-2016-3705 // JVNDB: JVNDB-2016-002776 // CNNVD: CNNVD-201605-100

EXTERNAL IDS

db:NVDid:CVE-2016-3705

Trust: 3.4

db:BIDid:89854

Trust: 2.0

db:MCAFEEid:SB10170

Trust: 2.0

db:TENABLEid:TNS-2016-18

Trust: 1.7

db:JVNDBid:JVNDB-2016-002776

Trust: 0.8

db:AUSCERTid:ESB-2023.3732

Trust: 0.6

db:AUSCERTid:ESB-2020.2340

Trust: 0.6

db:CNNVDid:CNNVD-201605-100

Trust: 0.6

db:JUNIPERid:JSA10770

Trust: 0.3

db:VULMONid:CVE-2016-3705

Trust: 0.1

db:PACKETSTORMid:137613

Trust: 0.1

db:PACKETSTORMid:140533

Trust: 0.1

db:PACKETSTORMid:137335

Trust: 0.1

db:PACKETSTORMid:137410

Trust: 0.1

db:PACKETSTORMid:137298

Trust: 0.1

db:PACKETSTORMid:140182

Trust: 0.1

sources: VULMON: CVE-2016-3705 // BID: 89854 // JVNDB: JVNDB-2016-002776 // PACKETSTORM: 137613 // PACKETSTORM: 140533 // PACKETSTORM: 137335 // PACKETSTORM: 137410 // PACKETSTORM: 137298 // PACKETSTORM: 140182 // CNNVD: CNNVD-201605-100 // NVD: CVE-2016-3705

REFERENCES

url:http://seclists.org/fulldisclosure/2016/may/10

Trust: 2.5

url:https://bugzilla.gnome.org/show_bug.cgi?id=765207

Trust: 2.0

url:http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

Trust: 2.0

url:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

Trust: 2.0

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10170

Trust: 2.0

url:http://www.ubuntu.com/usn/usn-2994-1

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2016:1292

Trust: 1.8

url:https://security.gentoo.org/glsa/201701-37

Trust: 1.8

url:http://rhn.redhat.com/errata/rhsa-2016-2957.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html

Trust: 1.7

url:https://www.debian.org/security/2016/dsa-3593

Trust: 1.7

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05157239

Trust: 1.7

url:http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

Trust: 1.7

url:http://www.securityfocus.com/bid/89854

Trust: 1.7

url:http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html

Trust: 1.7

url:https://www.tenable.com/security/tns-2016-18

Trust: 1.7

url:https://access.redhat.com/security/cve/cve-2016-3705

Trust: 0.9

url:https://bugzilla.redhat.com/show_bug.cgi?id=1332443

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3705

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3705

Trust: 0.8

url:https://access.redhat.com/errata/rhsa-2016:2957

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2340/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.3732

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2016-3705

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2016-1836

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2016-1839

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2016-3627

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2016-1838

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2016-1840

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2016-1837

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2016-1833

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2016-1762

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2016-1834

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2016-1835

Trust: 0.4

url:http://xmlsoft.org/index.html

Trust: 0.3

url:http://www.xmlsoft.org/news.html

Trust: 0.3

url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10770&actp=rss

Trust: 0.3

url:https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05157239

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1024088

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1024194

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1024318

Trust: 0.3

url:https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099462

Trust: 0.3

url:https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099466

Trust: 0.3

url:https://kc.mcafee.com/resources/sites/mcafee/content/live/product_documentation/27000/pd27128/en_us/meg_7_6_406_3402_103_release_notes_en_us.pdf

Trust: 0.3

url:https://bto.bluecoat.com/security-advisory/sa129

Trust: 0.3

url:https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099491

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21984773

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21985337

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21986974

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21988706

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21989043

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21990046

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21990231

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21990750

Trust: 0.3

url:http://www.ibm.com/support/docview.wss?uid=swg21990837

Trust: 0.3

url:http://www.ibm.com/support/docview.wss?uid=swg21990838

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21991065

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21995691

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-4449

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-4447

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-4483

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-8806

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-2073

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2016-1838

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-1837

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-1834

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-4448

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-1839

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-1833

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-1840

Trust: 0.2

url:https://bugzilla.redhat.com/):

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-1836

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-1762

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-1835

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-4449

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-4447

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-3627

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://usn.ubuntu.com/2994-1/

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4448

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5131

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3705

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1840

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-8035

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1838

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3627

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4483

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1819

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7942

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7499

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1839

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2073

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7499

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1836

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-8242

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5312

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8806

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7498

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7941

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7942

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8035

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7500

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-5131

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5312

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7498

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7500

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7941

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1819

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7497

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4658

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8242

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4658

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7497

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libxml2/2.9.2+zdfsg1-4ubuntu0.4

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libxml2/2.9.3+dfsg1-1ubuntu0.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libxml2/2.9.1+dfsg1-3ubuntu4.8

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libxml2/2.7.8.dfsg-5.1ubuntu4.15

Trust: 0.1

url:https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n

Trust: 0.1

url:http://www.hpe.com/support/security_bulletin_archive

Trust: 0.1

url:http://www.hpe.com/support/subscriber_choice

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://issues.jboss.org/):

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2107

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2106

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-0705

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-3196

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3216

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-2106

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-0702

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0797

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2014-8176

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-6808

Trust: 0.1

url:https://access.redhat.com/documentation/en/red-hat-jboss-core-services-apache-http-server/version-2.4.23/apache-http-server-2423-release-notes/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-2107

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0799

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3196

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3523

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-2177

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4483

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2014-3523

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-2842

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-8612

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1148

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-0797

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3185

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2109

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0705

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-3185

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-3194

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp&downloadtype=distributions&version=2.4.23

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-2105

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-8176

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-0286

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-5420

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-2178

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3194

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-2108

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0286

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2012-1148

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-2109

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3195

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0209

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-5419

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4459

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2108

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-0209

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-3195

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0702

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-3216

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2105

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-7141

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-0799

Trust: 0.1

sources: VULMON: CVE-2016-3705 // BID: 89854 // JVNDB: JVNDB-2016-002776 // PACKETSTORM: 137613 // PACKETSTORM: 140533 // PACKETSTORM: 137335 // PACKETSTORM: 137410 // PACKETSTORM: 137298 // PACKETSTORM: 140182 // CNNVD: CNNVD-201605-100 // NVD: CVE-2016-3705

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 89854

SOURCES

db:VULMONid:CVE-2016-3705
db:BIDid:89854
db:JVNDBid:JVNDB-2016-002776
db:PACKETSTORMid:137613
db:PACKETSTORMid:140533
db:PACKETSTORMid:137335
db:PACKETSTORMid:137410
db:PACKETSTORMid:137298
db:PACKETSTORMid:140182
db:CNNVDid:CNNVD-201605-100
db:NVDid:CVE-2016-3705

LAST UPDATE DATE

2024-08-14T12:37:28.121000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2016-3705date:2018-10-30T00:00:00
db:BIDid:89854date:2017-12-19T22:01:00
db:JVNDBid:JVNDB-2016-002776date:2016-11-17T00:00:00
db:CNNVDid:CNNVD-201605-100date:2023-06-30T00:00:00
db:NVDid:CVE-2016-3705date:2023-02-12T23:18:29.470

SOURCES RELEASE DATE

db:VULMONid:CVE-2016-3705date:2016-05-17T00:00:00
db:BIDid:89854date:2016-05-04T00:00:00
db:JVNDBid:JVNDB-2016-002776date:2016-05-23T00:00:00
db:PACKETSTORMid:137613date:2016-06-23T13:00:52
db:PACKETSTORMid:140533date:2017-01-17T02:26:10
db:PACKETSTORMid:137335date:2016-06-07T07:41:54
db:PACKETSTORMid:137410date:2016-06-10T02:22:00
db:PACKETSTORMid:137298date:2016-06-02T16:29:00
db:PACKETSTORMid:140182date:2016-12-16T16:34:49
db:CNNVDid:CNNVD-201605-100date:2016-05-05T00:00:00
db:NVDid:CVE-2016-3705date:2016-05-17T14:08:04.593