CVE-2017-7503

It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform.TransformerFactory is vulnerable to XXE. An attacker could use this flaw to launch DoS or SSRF attacks, or read files from the server where EAP is deployed.
References
Link Resource
http://www.securityfocus.com/bid/98546 Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1451960 Issue Tracking Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.5:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-05-18 15:29

Updated : 2024-02-28 15:44


NVD link : CVE-2017-7503

Mitre link : CVE-2017-7503

CVE.ORG link : CVE-2017-7503


JSON object : View

Products Affected

redhat

  • jboss_enterprise_application_platform
CWE
CWE-611

Improper Restriction of XML External Entity Reference