JVN/CVE Demo: Nvdinfos

NVD

Id: 50906
Name: CVE-2009-3720
Description: The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.
Reject
CVSS Version: 2
CVSS Score: 5
Severity: Medium
CVSS Base Score: 5
CVSS Impact Subscore: 2.9
CVSS Exploit Subscore: 10
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Pub Date: 2017-01-07
Published: 2009-11-03
Modified Date: 2016-08-22
Seq: 2009-3720

Actions

Related NVD References

Id	NVD Id	NVD No.	Reference	Actions
257706	50906	CVE-2009-3720	http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?r1=1.13&r2=1.15&view=patch	View
257707	50906	CVE-2009-3720	http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?view=log	View
257708	50906	CVE-2009-3720	FEDORA-2010-17762	View
257709	50906	CVE-2009-3720	FEDORA-2010-17732	View
257710	50906	CVE-2009-3720	FEDORA-2010-17720	View
257711	50906	CVE-2009-3720	FEDORA-2010-17819	View
257712	50906	CVE-2009-3720	FEDORA-2010-17807	View
257713	50906	CVE-2009-3720	SUSE-SR:2009:018	View
257714	50906	CVE-2009-3720	SUSE-SR:2010:011	View
257715	50906	CVE-2009-3720	SUSE-SR:2010:012	View
257716	50906	CVE-2009-3720	SUSE-SR:2010:013	View
257717	50906	CVE-2009-3720	SUSE-SR:2010:014	View
257718	50906	CVE-2009-3720	[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates	View
257719	50906	CVE-2009-3720	[expat-bugs] 20090117 [ expat-Bugs-1990430 ] Parser crash with specially formatted UTF-8 sequences	View
257720	50906	CVE-2009-3720	HPSBUX02645	View
257721	50906	CVE-2009-3720	oval:org.mitre.oval:def:11019	View
257722	50906	CVE-2009-3720	oval:org.mitre.oval:def:12719	View
257723	50906	CVE-2009-3720	oval:org.mitre.oval:def:7112	View
257724	50906	CVE-2009-3720	SSA:2011-041-02	View
257725	50906	CVE-2009-3720	http://sourceforge.net/tracker/index.php?func=detail&aid=1990430&group_id=10127&atid=110127	View
257726	50906	CVE-2009-3720	273630	View
257727	50906	CVE-2009-3720	http://svn.python.org/view?view=rev&revision=74429	View
257728	50906	CVE-2009-3720	MDVSA-2009:211	View
257729	50906	CVE-2009-3720	MDVSA-2009:212	View
257730	50906	CVE-2009-3720	MDVSA-2009:215	View
257731	50906	CVE-2009-3720	MDVSA-2009:216	View
257732	50906	CVE-2009-3720	MDVSA-2009:217	View
257733	50906	CVE-2009-3720	MDVSA-2009:218	View
257734	50906	CVE-2009-3720	MDVSA-2009:219	View
257735	50906	CVE-2009-3720	MDVSA-2009:220	View
257736	50906	CVE-2009-3720	[oss-security] 20090821 expat bug 1990430	View
257737	50906	CVE-2009-3720	[oss-security] 20090826 Re: expat bug 1990430	View
257738	50906	CVE-2009-3720	[oss-security] 20090826 Re: Re: expat bug 1990430	View
257739	50906	CVE-2009-3720	[oss-security] 20090827 Re: Re: expat bug 1990430	View
257740	50906	CVE-2009-3720	[oss-security] 20090906 Re: Re: expat bug 1990430	View
257741	50906	CVE-2009-3720	[oss-security] 20091022 Regarding expat bug 1990430	View
257742	50906	CVE-2009-3720	[oss-security] 20091022 Re: Regarding expat bug 1990430	View
257743	50906	CVE-2009-3720	[oss-security] 20091022 Re: Re: Regarding expat bug 1990430	View
257744	50906	CVE-2009-3720	[oss-security] 20091023 Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430]	View
257745	50906	CVE-2009-3720	[oss-security] 20091026 Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430]	View
257746	50906	CVE-2009-3720	[oss-security] 20091028 Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430]	View
257747	50906	CVE-2009-3720	RHSA-2010:0002	View
257748	50906	CVE-2009-3720	RHSA-2011:0896	View
257749	50906	CVE-2009-3720	1023160	View
257750	50906	CVE-2009-3720	USN-890-1	View
257751	50906	CVE-2009-3720	USN-890-6	View
257752	50906	CVE-2009-3720	ADV-2010-0528	View
257753	50906	CVE-2009-3720	ADV-2010-0896	View
257754	50906	CVE-2009-3720	ADV-2010-1107	View
257755	50906	CVE-2009-3720	ADV-2010-3035	View
257756	50906	CVE-2009-3720	ADV-2010-3053	View
257757	50906	CVE-2009-3720	ADV-2010-3061	View
257758	50906	CVE-2009-3720	ADV-2011-0359	View
257759	50906	CVE-2009-3720	https://bugs.gentoo.org/show_bug.cgi?id=280615	View
257760	50906	CVE-2009-3720	https://bugzilla.redhat.com/show_bug.cgi?id=531697	View
257761	50906	CVE-2009-3720	FEDORA-2009-12690	View
257762	50906	CVE-2009-3720	FEDORA-2009-12737	View
257763	50906	CVE-2009-3720	FEDORA-2009-12753	View

Related JVN

Id	Name	Title	Summary	Cveinfo Name	Cveinfo Id	Nvdinfo Name	Nvdinfo Id	Cvssv2	Cvssv3	Jvnurl	Published Date	Last Updated Date	Actions
41385	JVNDB-2009-002392	Expat の libexpat におけるサービス運用妨害 (DoS) の脆弱性	Python などで使用されている Expat の libexpat には、UTF-8 シーケンスを持つ XML ドキュメントの処理に不備があるため、サービス運用妨害 (DoS) の脆弱性が存在します。	CVE-2009-3720	41151	CVE-2009-3720	50906	5		http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002392.html	2009-11-03	2012-12-19	View

Message	Memory use
Component initialization	1.39 MB
Controller action start	1.49 MB
Controller render start	2.38 MB
View render complete	47.81 MB

Message	Time in ms	Graph
Core Processing (Derived from $_SERVER["REQUEST_TIME"])	2.60
Event: Controller.initialize	0.02
Event: Controller.startup	0.06
Controller action	269.37
Event: Controller.beforeRender	5.19
» Processing toolbar data	5.09
Rendering View	1832.24
» Event: View.beforeRender	0.02
» Rendering APP/View/Nvdinfos/view.ctp	1760.27
» Event: View.afterRender	0.05
» Event: View.beforeLayout	0.03
» Rendering APP/View/Layouts/default.ctp	44.94
» » Rendering CORE/Cake/View/Elements/sql_dump.ctp	14.25
Event: View.afterLayout	0.00

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/nvdinfos/view/50906
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/nvdinfos/view/50906
Remote Port	16881
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	216.73.216.45
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Connection	close
Http Cache Control	max-age=259200
Http X Forwarded For	10.1.48.224
Http Via	1.1 squid-proxy-5b5d847c96-vhg9g (squid/6.10)
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	/
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Suspectharddos	1
Suspectdos	1
X Dostranslated Ip	216.73.216.45
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	216.73.216.45
Unique Id	aLKDHDF4KhRxWQnUMFQn5QAAASU
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Suspectharddos	1
Redirect Suspectdos	1
Redirect X Dostranslated Ip	216.73.216.45
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	216.73.216.45
Redirect Unique Id	aLKDHDF4KhRxWQnUMFQn5QAAASU
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect Suspectharddos	1
Redirect Redirect Suspectdos	1
Redirect Redirect X Dostranslated Ip	216.73.216.45
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	216.73.216.45
Redirect Redirect Unique Id	aLKDHDF4KhRxWQnUMFQn5QAAASU
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1756529436.0604
Request Time	1756529436

NVD

Actions

Related NVD References

Related JVN

Request History

Session

Request

Cake Params

Post data

Query string

Cookie

Current Route

Sql Logs

default

Memory

Timers

Logs

View Variables

App Constants

CakePHP Constants

PHP Environment

Included Files

Include Paths

Included Files