Vulnerability Details : CVE-2012-2328
internal/cimxml/sax/NodeFactory.java in Standards-Based Linux Instrumentation for Manageability (SBLIM) Common Information Model (CIM) Client (aka sblim-cim-client2) before 2.1.12 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML file.
Vulnerability category: Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2012-2328
Probability of exploitation activity in the next 30 days: 0.14%
Percentile (the proportion of vulnerabilities scored at or below this value): ~49%
CVSS scores for CVE-2012-2328
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source
---|---|---|---|---|---
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST
CWE ids for CVE-2012-2328
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-2328
- http://sblim.cvs.sourceforge.net/viewvc/sblim/jsr48-client/src/org/sblim/cimclient/internal/cimxml/sax/NodeFactory.java?view=log#rev1.7 (CVS Info for project sblim)
- http://rhn.redhat.com/errata/RHSA-2012-0987.html (RHSA-2012:0987 - Security Advisory - Red Hat Customer Portal)
- http://lists.opensuse.org/opensuse-updates/2013-01/msg00038.html (openSUSE-SU-2013:0144-1: moderate: update for sblim-cim-client2)
- http://lists.opensuse.org/opensuse-updates/2012-12/msg00015.html (openSUSE-SU-2012:1621-1: moderate: update for sblim-cim-client2)
- http://sourceforge.net/p/sblim/bugs/2381/ (Standards Based Linux Instrumentation / Bugs / #2381 Red Hat: Possible XML Hash DoS in sblim)
Products affected by CVE-2012-2328
- cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
- Standards Based Linux Instrumentation Project » Standards-based Linux Common Information Model Client, versions up to and including (<=) 2.1.11: cpe:2.3:a:standards_based_linux_instrumentation_project:standards-based_linux_common_information_model_client:*:*:*:*:*:*:*:*