XXE Vulnerability in JBoss EAP 7.0 by Red Hat
CVE-2017-7464

8.7HIGH

Key Information:

Vendor: [unknown]
Status: Jboss
Vendor: CVE Published:; 27 July 2018

What is CVE-2017-7464?

The JBoss EAP 7.0 contains a vulnerability in its JAXP implementation that affects SAX and DOM parsing. Attackers can exploit this flaw to submit crafted XML content, potentially leading to denial of service (DoS), server-side request forgery (SSRF), or the disclosure of sensitive information. Proper security measures and updates are crucial to mitigate these risks.

Affected Version(s)

JBoss

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7464

x_refsource_CONFIRM

http://www.securityfocus.com/bid/98450

vdb-entryx_refsource_BID

CVSS V3.1

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 27, 2018
Vulnerability Reserved
Apr 5, 2017

CVE-2017-7464 Data

JSON

[unknown]

What is CVE-2017-7464?

Affected Version(s)

References

CVSS V3.1

Timeline