FortiClient Vulnerability

Python CVE-2013-0340 XML External Entity Vulnerability

Description

expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.

Affected Applications

Python

CVE References

CVE-2013-0340

Other References

https://bugs.python.org/

ID	72713
Created	Jul 10, 2022
Description Updated	Dec 18, 2023
Risk
Coverage	FortiClient
OS	Windows
Vendor	Python Software Foundation
Patch	manual
Application	Python

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

FortiClient Vulnerability

Python CVE-2013-0340 XML External Entity Vulnerability

Description

Affected Applications

CVE References

Other References

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

FortiClient Vulnerability

Python CVE-2013-0340 XML External Entity Vulnerability

Description

Affected Applications

CVE References

Other References

Threat Intelligence
Center