CVE-2018-1000090

{"id": "CVE-2018-1000090", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2018-03-13T15:29:01.440", "references": [{"url": "https://github.com/textpattern/textpattern/issues/1141", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-611"}]}], "descriptions": [{"lang": "en", "value": "textpattern version version 4.6.2 contains a XML Injection vulnerability in Import XML feature that can result in Denial of service in context to the web server by exhausting server memory resources. This attack appear to be exploitable via Uploading a specially crafted XML file."}, {"lang": "es", "value": "textpattern, versi\u00f3n 4.6.2, contiene una vulnerabilidad de inyecci\u00f3n XMl en la caracter\u00edstica Import XML que puede resultar en una denegaci\u00f3n de servicio (DoS) en el servidor web agotando los recursos de la memoria del servidor. Este ataque parece ser explotable mediante la subida de un archivo XML especialmente manipulado."}], "lastModified": "2018-04-13T14:37:29.537", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:textpattern:textpattern:4.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDC99E17-257D-44DB-AAD0-88287AC6ECC2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}