CVE-2017-1000190

SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting SSRF, information disclosure, DoS and so on.
Configurations

Configuration 1 (hide)

cpe:2.3:a:simplexml_project:simplexml:2.7.1:*:*:*:*:*:*:*

History

21 Nov 2024, 03:04

Type Values Removed Values Added
References () https://github.com/ngallagher/simplexml/issues/18 - Exploit, Third Party Advisory () https://github.com/ngallagher/simplexml/issues/18 - Exploit, Third Party Advisory
References () https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E - () https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E -
References () https://lists.apache.org/thread.html/8c4ef27e2c0218f29e785990dc919266855aea137c958f10d242cb36%40%3Cdev.lucene.apache.org%3E - () https://lists.apache.org/thread.html/8c4ef27e2c0218f29e785990dc919266855aea137c958f10d242cb36%40%3Cdev.lucene.apache.org%3E -
References () https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E - () https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E -

07 Nov 2023, 02:37

Type Values Removed Values Added
References
  • {'url': 'https://lists.apache.org/thread.html/8c4ef27e2c0218f29e785990dc919266855aea137c958f10d242cb36@%3Cdev.lucene.apache.org%3E', 'name': '[lucene-dev] 20190723 [jira] [Updated] (SOLR-13648) vulnerable simple-xml-2.7.1.jar', 'tags': [], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E', 'name': '[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report', 'tags': [], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E', 'name': '[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1', 'tags': [], 'refsource': 'MLIST'}
  • () https://lists.apache.org/thread.html/8c4ef27e2c0218f29e785990dc919266855aea137c958f10d242cb36%40%3Cdev.lucene.apache.org%3E -
  • () https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E -
  • () https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E -

Information

Published : 2017-11-17 21:29

Updated : 2024-11-21 03:04


NVD link : CVE-2017-1000190

Mitre link : CVE-2017-1000190

CVE.ORG link : CVE-2017-1000190


JSON object : View

Products Affected

simplexml_project

  • simplexml
CWE
CWE-611

Improper Restriction of XML External Entity Reference