XML External Entity Vulnerability in Red Hat JBoss EAP 7.0.5
CVE-2017-7503

9.8CRITICAL

Key Information:

Vendor: Red Hat
Status: Jboss Enterprise Application Platform
Vendor: CVE Published:; 18 May 2017

What is CVE-2017-7503?

In Red Hat JBoss EAP 7.0.5, a vulnerability in the implementation of javax.xml.transform.TransformerFactory exposes the software to XML External Entity (XXE) attacks. This flaw allows malicious actors to exploit the parser for launching denial-of-service (DoS) attacks, server-side request forgery (SSRF) attacks, and the potential to read sensitive files on the server where JBoss EAP is deployed. Proper validation and security measures are essential to mitigate these risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

JBoss Enterprise Application Platform 7.0.5

References

http://www.securityfocus.com/bid/98546

vdb-entryx_refsource_BID

https://bugzilla.redhat.com/show_bug.cgi?id=1451960

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 18, 2017
Vulnerability Reserved
Apr 5, 2017

JSON

Red Hat

What is CVE-2017-7503?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.