{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-06-06T00:00:00", "descriptions": [{"lang": "en", "value": "Nokogiri before 1.5.4 is vulnerable to XXE attacks"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-02-19T14:41:27", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/sparklemotion/nokogiri/issues/693"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1178970"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://nokogiri.org/CHANGELOG.html#154-2012-06-12"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-6685", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Nokogiri before 1.5.4 is vulnerable to XXE attacks"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/sparklemotion/nokogiri/issues/693", "refsource": "CONFIRM", "url": "https://github.com/sparklemotion/nokogiri/issues/693"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1178970", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1178970"}, {"name": "https://nokogiri.org/CHANGELOG.html#154-2012-06-12", "refsource": "CONFIRM", "url": "https://nokogiri.org/CHANGELOG.html#154-2012-06-12"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:36:01.934Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/sparklemotion/nokogiri/issues/693"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1178970"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://nokogiri.org/CHANGELOG.html#154-2012-06-12"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-6685", "datePublished": "2020-02-19T14:41:27", "dateReserved": "2015-01-05T00:00:00", "dateUpdated": "2024-08-06T21:36:01.934Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB203B5A-2979-4C08-8E90-EEA32EE5ACB0", "versionEndExcluding": "1.5.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "7098B44F-56BF-42E3-8831-48D0A8E99EE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift:2.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "884F5BE8-59F5-4502-9765-F3A3E505570F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "1802FDB8-C919-4D5E-A8AD-4C5B72525090", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "31EC146C-A6F6-4C0D-AF87-685286262DAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack_foreman:-:*:*:*:*:*:*:*", "matchCriteriaId": "C77E4AD2-8BB5-427E-90BA-CB43B3684179", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "848C92A9-0677-442B-8D52-A448F2019903", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:subscription_asset_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "B0E2C740-099C-427F-846D-951A2A1BF07E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Nokogiri before 1.5.4 is vulnerable to XXE attacks"}, {"lang": "es", "value": "Nokogiri versiones anteriores a 1.5.4, es vulnerable a ataques de tipo XXE."}], "id": "CVE-2012-6685", "lastModified": "2021-07-15T19:16:09.750", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-19T15:15:11.723", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1178970"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/sparklemotion/nokogiri/issues/693"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://nokogiri.org/CHANGELOG.html#154-2012-06-12"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-776"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "ansible-runner-0:1.1.2-2.el7ar", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "ansible-tower-0:3.3.3-1.el7at", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "bubblewrap-0:0.1.7-1.el7", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "cfme-0:5.10.0.33-1.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "cfme-amazon-smartstate-0:5.10.0.33-1.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "cfme-appliance-0:5.10.0.33-1.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "cfme-gemset-0:5.10.0.33-1.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "dbus-api-service-0:1.0.1-5.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "dumb-init-0:1.2.0-1.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "erlang-0:19.3.6.7-1.el7at", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "google-compute-engine-0:2.0.0-2.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "google-config-0:2.0.0-2.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "httpd-configmap-generator-0:0.2.2-2.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "nginx-1:1.10.2-1.el7at", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "ovirt-ansible-cluster-upgrade-0:1.1.8-1.el7ev", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "ovirt-ansible-disaster-recovery-0:1.1.2-1.el7ev", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "ovirt-ansible-engine-setup-0:1.1.5-1.el7ev", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "ovirt-ansible-image-template-0:1.1.8-1.el7ev", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "ovirt-ansible-infra-0:1.1.8-1.el7ev", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "ovirt-ansible-manageiq-0:1.1.12-1.el7ev", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "ovirt-ansible-repositories-0:1.1.2-1.el7ev", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "ovirt-ansible-roles-0:1.1.5-1.el7ev", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "ovirt-ansible-shutdown-env-0:1.0.0-1.el7ev", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "ovirt-ansible-v2v-conversion-host-0:1.6.3-1.el7ev", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "ovirt-ansible-vm-infra-0:1.1.10-1.el7ev", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "postgresql96-0:9.6.10-1PGDG.el7at", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "prince-0:9.0r2-10.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "pyOpenSSL-0:17.3.0-4.el7ost", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "python-bambou-0:3.0.1-2.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "python-colorama-0:0.3.7-2.el7ost", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "python-crypto-0:2.6.1-16.el7at", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "python-daemon-0:2.1.2-7.el7at", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "python-funcsigs-0:1.0.2-1.el7ost", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "python-future-0:0.16.0-1.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "python-lockfile-1:0.11.0-10.el7at", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "python-meld3-0:0.6.10-1.el7", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "python-mock-0:2.0.0-1.el7ost", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "python-pbr-0:3.1.1-2.el7ost", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "python-pexpect-0:4.6-1.el7at", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "python-psutil-0:5.4.3-2.el7at", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "python-ptyprocess-0:0.5.2-3.el7at", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "python-pylxca-0:2.1.1-2.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "python-pysocks-0:1.5.6-3.el7ost", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "python-requests-0:2.14.2-1.el7ost", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "python-requests-toolbelt-0:0.8.0-2.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "python-tabulate-0:0.8.2-1.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "python-urllib3-0:1.21.1-1.2.el7ost", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "python-vspk-0:5.3.2-2.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "qpid-proton-0:0.19.0-1.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "rabbitmq-server-0:3.7.4-1.el7at", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "rh-postgresql95-postgresql-pglogical-0:2.1.0-4.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "rh-postgresql95-repmgr-0:4.0.6-2.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "ruby-0:2.4.5-90.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "rubygem-bcrypt-0:3.1.12-1.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "rubygem-ffi-0:1.9.25-1.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "rubygem-hamlit-0:2.8.8-1.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "rubygem-http_parser.rb-0:0.6.0-1.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "rubygem-json-0:2.1.0-1.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "rubygem-linux_block_device-0:0.2.1-1.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "rubygem-memory_buffer-0:0.1.0-2.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "rubygem-nio4r-0:2.3.1-1.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "rubygem-nokogiri-0:1.8.2-1.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "rubygem-ovirt-engine-sdk4-0:4.2.4-1.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "rubygem-pg-0:0.18.4-2.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "rubygem-puma-0:3.7.1-1.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "rubygem-qpid_proton-0:0.22.0-2.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "rubygem-redhat_access_cfme-0:2.0.3-1.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "rubygem-redhat_access_lib-0:1.1.4-2.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "rubygem-rugged-0:0.27.4-1.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "rubygem-sqlite3-0:1.3.13-2.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "rubygem-unf_ext-0:0.0.7.5-1.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "rubygem-websocket-driver-0:0.6.5-1.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "smem-0:1.4-1.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "supervisor-0:3.1.4-1.el7", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "wmi-0:1.3.14-7.el7cf", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}, {"advisory": "RHSA-2019:0212", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.10::el7", "package": "wxGTK3-0:3.0.3-5.el7at", "product_name": "CloudForms Management Engine 5.10", "release_date": "2019-02-07T00:00:00Z"}], "bugzilla": {"description": "rubygem-nokogiri: XML eXternal Entity (XXE) flaw", "id": "1178970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1178970"}, "csaw": false, "cvss": {"cvss_base_score": "5.0", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "status": "verified"}, "cwe": "CWE-611", "details": ["Nokogiri before 1.5.4 is vulnerable to XXE attacks"], "name": "CVE-2012-6685", "package_state": [{"cpe": "cpe:/a:redhat:openstack-installer:5", "fix_state": "Will not fix", "package_name": "ruby193-rubygem-nokogiri", "product_name": "OpenStack Foreman"}, {"cpe": "cpe:/a:redhat:openstack-installer:6", "fix_state": "Fix deferred", "package_name": "ruby193-rubygem-nokogiri", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6 (Juno) Installer"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Will not fix", "package_name": "rubygem-nokogiri", "product_name": "Red Hat Enterprise MRG 2"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Will not fix", "package_name": "ruby193-rubygem-nokogiri", "product_name": "Red Hat OpenShift Enterprise 2"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Will not fix", "package_name": "rubygem-nokogiri", "product_name": "Red Hat OpenShift Enterprise 2"}, {"cpe": "cpe:/a:redhat:openstack:4", "fix_state": "Will not fix", "package_name": "ruby193-rubygem-nokogiri", "product_name": "Red Hat OpenStack Platform 4"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Will not fix", "package_name": "ruby193-rubygem-nokogiri", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:rhel_sam:1", "fix_state": "Will not fix", "package_name": "ruby193-rubygem-nokogiri", "product_name": "Red Hat Subscription Asset Manager"}, {"cpe": "cpe:/a:rhel_sam:1", "fix_state": "Will not fix", "package_name": "rubygem-nokogiri", "product_name": "Red Hat Subscription Asset Manager"}], "public_date": "2012-06-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2012-6685\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-6685"], "statement": "This issue affects the versions of ruby193-rubygem-nokogiri as shipped with Red Hat Satellite 6 and Red Hat OpenStack 6. Red Hat Product Security has rated this issue as having moderate security impact. A future update may address this issue.\nRed Hat Product Security has rated this issue as having no security impact for rubygem-nokogiri as shipped with: Red Hat Enterprise MRG 2.5, Red Hat Subscription Asset Manager 1.3, Red Hat CloudForms Management Engine 5.3.0, Red Hat OpenShift Enterprise 2.2.0; for ruby193-rubygem-nokogiri as shipped with Red Hat Satellite 6, Red Hat Subscription Asset Manager 1.3, Red Hat CloudForms Management Engine 5.3.0, Red Hat OpenStack 4.0, Red Hat OpenStack Foreman, Red Hat OpenStack 6, Red Hat OpenShift Enterprise 2.2.0; and for mingw-rubygem-nokogiri as shipped with Red Hat CloudForms Management Engine 5.3.0. This issue is not currently planned to be addressed in future updates.\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Moderate", "upstream_fix": "nokogiri 1.6.4"}