It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform.TransformerFactory is vulnerable to XXE. An attacker could use this flaw to launch DoS or SSRF attacks, or read files from the server where EAP is deployed.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/98546 | Third Party Advisory VDB Entry |
https://bugzilla.redhat.com/show_bug.cgi?id=1451960 | Issue Tracking Third Party Advisory VDB Entry |
Configurations
History
No history.
Information
Published : 2017-05-18 15:29
Updated : 2024-02-28 15:44
NVD link : CVE-2017-7503
Mitre link : CVE-2017-7503
CVE.ORG link : CVE-2017-7503
JSON object : View
Products Affected
redhat
- jboss_enterprise_application_platform
CWE
CWE-611
Improper Restriction of XML External Entity Reference