Possible cross-site scripting vulnerability in libxml after commit 960f0e2.

The remote NewStart CGSL host, running version MAIN 6.02, has libxml2 packages installed that are affected by multiple vulnerabilities:

  - A Cross-site scripting (XSS) vulnerability was found in libxml2. A specially crafted input, when     serialized and re-parsed by the libxml2 library, will result in a document with element attributes that     did not exist in the original document. (CVE-2016-3709)

  - A flaw was found in libxml2. Parsing a XML document with the XML_PARSE_HUGE option enabled can result in     an integer overflow because safety checks were missing in some functions. Also, the xmlParseEntityValue     function didn't have any length limitation. (CVE-2022-40303)

  - A flaw was found in libxml2. When a reference cycle is detected in the XML entity cleanup function the XML     entity data can be stored in a dictionary. In this case, the dictionary becomes corrupted resulting in     logic errors, including memory errors like double free. (CVE-2022-40304)

  - A NULL pointer dereference vulnerability was found in libxml2. This issue occurs when parsing (invalid)     XML schemas. (CVE-2023-28484)

  - A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated,     xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory     errors, including double free errors. (CVE-2023-29469)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3878 advisory.

    - -------------------------------------------------------------------------     Debian LTS Advisory DLA-3878-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                          Adrian Bunk     September 05, 2024                            https://wiki.debian.org/LTS
    - -------------------------------------------------------------------------

    Package        : libxml2     Version        : 2.9.10+dfsg-6.7+deb11u5     CVE ID         : CVE-2016-3709 CVE-2022-2309     Debian Bug     : 1039991

    Two vulnerabilities have been fixed in the XML library libxml2.

    CVE-2016-3709

        HTML 4 parser cross-site scripting

    CVE-2022-2309

        Parser NULL pointer dereference

    For Debian 11 bullseye, these problems have been fixed in version     2.9.10+dfsg-6.7+deb11u5.

    We recommend that you upgrade your libxml2 packages.

    For the detailed security status of libxml2 please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/libxml2

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3665-1 advisory.

  - Possible cross-site scripting vulnerability in libxml after commit 960f0e2. (CVE-2016-3709)

  - In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference     and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c. (CVE-2023-28484)

  - An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML     document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic     and memory errors, such as a double free. This behavior occurs because there is an attempt to use the     first byte of an empty string, and any value is possible (not solely the '\0' value). (CVE-2023-29469)

  - ** DISPUTED ** Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the     xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial     of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does     not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.
    (CVE-2023-39615)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4767 advisory.

    The libxml2 library is a development toolbox providing the implementation of various XML standards.

    Security Fix(es):

    * libxml2: Incorrect server side include parsing can lead to XSS (CVE-2016-3709)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to its self-reported version, the Nessus Network Monitor running on the remote host is prior to 6.2.2. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2023-23 advisory. Several of the third-party components were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with best practice, Tenable has opted to upgrade these components to address the potential impact of the issues. Nessus Network Monitor 6.2.2 updates the following components:

  - c-ares from version 1.10.0 to version 1.19.1.
  - curl from version 7.79.1 to version 8.1.2.
  - libbzip2 from version 1.0.6 to version 1.0.8.
  - libpcre from version 8.42 to version 8.44.
  - libxml2 from version 2.7.7 to version 2.11.1.
  - libxslt from version 1.1.26 to version 1.1.37.
  - libxmlsec from version 1.2.18 to version 1.2.37.
  - sqlite from version 3.27.2 to version 3.40.1.
  - jQuery Cookie from version 1.3.1 to version 1.4.1.
  - jQuery UI from version 1.13.0 to version 1.13.2.
  - OpenSSL from version 3.0.8 to version 3.0.9.

According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - Possible cross-site scripting vulnerability in libxml after commit 960f0e2. (CVE-2016-3709)

  - An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the     XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to     access an array at a negative 2GB offset, typically leading to a segmentation fault. (CVE-2022-40303)

  - An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a     hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be     provoked. (CVE-2022-40304)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:7715 advisory.

  - Possible cross-site scripting vulnerability in libxml after commit 960f0e2. (CVE-2016-3709)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-7715 advisory.

    - Fix CVE-2016-3709 (#2120781)

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:7715 advisory.

  - Possible cross-site scripting vulnerability in libxml after commit 960f0e2. (CVE-2016-3709)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7715 advisory.

    The libxml2 library is a development toolbox providing the implementation of various XML standards.

    Security Fix(es):

    * libxml2: Incorrect server side include parsing can lead to XSS (CVE-2016-3709)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2022:7715 advisory.

  - libxml2: Incorrect server side include parsing can lead to XSS (CVE-2016-3709)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3871-1 advisory.

  - Possible cross-site scripting vulnerability in libxml after commit 960f0e2. (CVE-2016-3709)

  - An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the     XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to     access an array at a negative 2GB offset, typically leading to a segmentation fault. (CVE-2022-40303)

  - An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a     hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be     provoked. (CVE-2022-40304)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3717-1 advisory.

  - Possible cross-site scripting vulnerability in libxml after commit 960f0e2. (CVE-2016-3709)

  - An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the     XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to     access an array at a negative 2GB offset, typically leading to a segmentation fault. (CVE-2022-40303)

  - An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a     hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be     provoked. (CVE-2022-40304)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - Possible cross-site scripting vulnerability in libxml after commit 960f0e2. (CVE-2016-3709)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5548-1 advisory.

    It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this     issue to execute arbitrary code.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
206834	NewStart CGSL MAIN 6.02 : libxml2 Multiple Vulnerabilities (NS-SA-2024-0055)	Nessus	NewStart CGSL Local Security Checks	high
206669	Debian dla-3878 : libxml2 - security update	Nessus	Debian Local Security Checks	medium
181575	SUSE SLES12 Security Update : libxml2 (SUSE-SU-2023:3665-1)	Nessus	SuSE Local Security Checks	medium
180214	RHEL 8 : libxml2 (RHSA-2023:4767)	Nessus	Red Hat Local Security Checks	medium
177842	Nessus Network Monitor < 6.2.2 Multiple Vulnerabilities (TNS-2023-23)	Nessus	Misc.	critical
177179	EulerOS Virtualization 3.0.6.0 : libxml2 (EulerOS-SA-2023-2212)	Nessus	Huawei Local Security Checks	high
167814	Rocky Linux 8 : libxml2 (RLSA-2022:7715)	Nessus	Rocky Linux Local Security Checks	medium
167563	Oracle Linux 8 : libxml2 (ELSA-2022-7715)	Nessus	Oracle Linux Local Security Checks	medium
167292	AlmaLinux 8 : libxml2 (ALSA-2022:7715)	Nessus	Alma Linux Local Security Checks	medium
167167	RHEL 8 : libxml2 (RHSA-2022:7715)	Nessus	Red Hat Local Security Checks	medium
167159	CentOS 8 : libxml2 (CESA-2022:7715)	Nessus	CentOS Local Security Checks	medium
167037	SUSE SLED15 / SLES15 Security Update : libxml2 (SUSE-SU-2022:3871-1)	Nessus	SuSE Local Security Checks	high
166526	SUSE SLES12 Security Update : libxml2 (SUSE-SU-2022:3717-1)	Nessus	SuSE Local Security Checks	high
165861	EulerOS 2.0 SP8 : libxml2 (EulerOS-SA-2022-2471)	Nessus	Huawei Local Security Checks	medium
163871	Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : libxml2 vulnerability (USN-5548-1)	Nessus	Ubuntu Local Security Checks	medium

Detections

Analytics

CVE-2016-3709

medium

Tenable Plugins

high

medium

medium

medium

critical

high

medium

medium

medium

medium

medium

high

high

medium

medium