CVE-2012-3488
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2012-3488
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to arbitrary external hosts by leveraging (1) stylesheet commands that are permitted by the libxslt security options or (2) an xslt_process feature, related to an XML External Entity (aka XXE) issue.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
PostgreSQL ‘xml_parse()’任意文件读取漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
PostgreSQL是PostgreSQL开发组所研发的一套自由的对象关系型数据库管理系统。该系统支持大部分SQL标准并且提供了许多其他特性,例如外键、触发器、视图等。 PostgreSQL中的xml_parse()中存在漏洞,可被恶意攻击者利用泄露某些敏感信息。该漏洞源于解析带有XML文档的DTD数据时‘xml_parse()’函数中存在错误。攻击者可利用该漏洞读取任意文件。早期版本至9.1.5、9.0.9、8.4.13、8.3.20版本中存在漏洞。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2012-3488
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2012-3488
Please Login to view more intelligence information
- 🔗 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705x_refsource_CONFIRM
- http://www.postgresql.org/docs/8.3/static/release-8-3-20.htmlx_refsource_CONFIRM
- http://www.postgresql.org/support/security/x_refsource_CONFIRM
- http://www.postgresql.org/about/news/1407/x_refsource_CONFIRM
- http://www.postgresql.org/docs/9.1/static/release-9-1-5.htmlx_refsource_CONFIRM
- https://bugzilla.redhat.com/show_bug.cgi?id=849172x_refsource_CONFIRM
- http://www.postgresql.org/docs/9.0/static/release-9-0-9.htmlx_refsource_CONFIRM
- http://www.postgresql.org/docs/8.4/static/release-8-4-13.htmlx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2012-3488
Same Patch Batch · n/a · 2012-10-03 · 12 CVEs total
| CVE-2012-3552 | Linux Kernel ‘inet->opt ip_options’本地拒绝服务漏洞 | |
| CVE-2011-1833 | Linux kernel eCryptfs 任意目录装载漏洞 | |
| CVE-2011-3209 | Linux Kernel ‘clock_gettime()’ 本地拒绝服务漏洞 | |
| CVE-2012-3375 | Linux kernel 安全漏洞 | |
| CVE-2012-3400 | Linux Kernel 缓冲区错误漏洞 | |
| CVE-2012-3412 | Linux kernel 数字错误漏洞 | |
| CVE-2012-3430 | Linux Kernel ‘rds_recvmsg()‘函数本地信息泄露漏洞 | |
| CVE-2012-3510 | Linux kernel 资源管理错误漏洞 | |
| CVE-2012-3511 | Linux kernel 竞争条件问题漏洞 | |
| CVE-2012-3520 | Linux Kernel Netlink消息处理本地权限提升漏洞 | |
| CVE-2012-3489 | PostgreSQL‘xslt_process()’任意文件重写漏洞 |
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8196
JeecgBoot mLogin Endpoint LoginController.java authorization - CVE-2026-8195
JeecgBoot SVG File CommonController.java cross site scriptin - CVE-2026-8194
osTicket Dispatcher class.dispatcher.php cross-site request - CVE-2026-8193
Akaunting Invoice PDF Rendering dompdf.php server-side reque - CVE-2026-8186
Open5GS NF client.c ogs_sbi_client_send_via_scp_or_sepp out-
V. Comments for CVE-2012-3488
No comments yet