Discussion:
Xerces C++ vulnerabilities CVE-2015-0252 and CVE-2016-0729
Lakka, Matina (Nokia - GR/Athens)
2016-03-16 12:19:35 UTC
Hi all,

I would like to ask a question regarding the "CVE-2015-0252 and CVE-2016-0729" vulnerabilities.

We are using Xerces C++ 2.8.0 and therefore we are affected by both "Buffer Overflow Vulnerability - CVE-2016-0729" and "Denial of Service Vulnerability - CVE-2015-0252".
In the description provided it is mentioned that these vulnerabilities can be exploited by an unauthenticated attacker.

Our software uses XML parsing, and login is required in order to proceed with XML parsing. The question is whether the login procedure reduces the vulnerability criticality, regarding the authentication metric (CVSS score). Is this attacker still considered unauthenticated in our case?

Thank you in advance for your prompt reply.

Best,
Matina

Matina Lakka
FN Services PV R&D 22
NOKIA
Promitheos Str. 12, 145 64 Nea Kifissia
Athens - Greece
mail to: ***@nsn.com
