PT-2022-21942 · Untangle · Untangle
Taichi Kotake · Published 2022-07-26 · Updated 2022-08-06 · CVE-2022-33977
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
untangle versions 1.2.0 and earlier
Description
The issue is related to the improper restriction of recursive entity references in DTDs, which can be exploited by a remote unauthenticated attacker to cause a denial-of-service (DoS) condition on the server where the product is running.
Recommendations
For versions 1.2.0 and earlier, update to version 1.2.1 to resolve the issue.
At the moment, there is no other information about additional mitigation measures.
Fix
XML Entity Expansion
Affected Products
Untangle