CVE-2013-1665 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2013-1665 Interim 1 5 2023-12-08T02:42:44Z current 2021-05-30T13:10:09Z 2023-12-08T02:42:44Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2013-1665 The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2013-June/000493.html E-Mail link for SUSE-SU-2013:1062-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack. CVE-2013-1665 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N