Use-after-free vulnerabilities in libxml2 2.9.0 and earlier

IDs: 
CVE-2013-1969
Keywords: 
libxml2, HTML parser
Description: 

Three use-after-free vulnerabilities have been found in libxml2, the legacy HTML parser of Airlock 4.2.x. We rate the risk of these vulnerabilities as low since Airlock protects against attacks trying to manipulate the HTML sent from a back-end system.

The standard HTML parser of Airlock, available since version 4.2.2 of Airlock, is not vulnerable to this issue.

To check which HTML parser is active on your Airlock system, log in to the Configuration Center, go to "Application Firewall" - "Reverse Proxy", open the Mapping you want to check, go to the "Advanced" tab, and check the state of the "Use libxml2 HTML parser (legacy)" check box in the "Content parsing" section.

Resolution: 

No action required.

Component: 
Airlock
Airlock Vulnerability Status: 
No action required
Back-end Vulnerability Status: 
Does not affect back-end behind Airlock