Description

It was found that the JAXP implementation used in JBoss EAP 7.0 for SAX and DOM parsing is vulnerable to certain XXE flaws. An attacker could use this flaw to cause DoS, SSRF, or information disclosure if they are able to provide XML content for parsing.

Remediation

References

CVE-2017-7464

Related Vulnerabilities

Moodle Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2020-14322)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2017-11628)

Apache HTTP Server Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2007-3303)

WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.15)

WordPress 2.2 Multiple Vulnerabilities (2.2)

Severity

Critical

Classification

CVE-2017-7464 CWE-611 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities