XML External Entity Vulnerability in Red Hat JBoss EAP 7.0.5
CVE-2017-7503

9.8CRITICAL

Key Information:

Vendor: Red Hat
Status: Jboss Enterprise Application Platform
Vendor: CVE Published:; 18 May 2017

What is CVE-2017-7503?

In Red Hat JBoss EAP 7.0.5, a vulnerability in the implementation of javax.xml.transform.TransformerFactory exposes the software to XML External Entity (XXE) attacks. This flaw allows malicious actors to exploit the parser for launching denial-of-service (DoS) attacks, server-side request forgery (SSRF) attacks, and the potential to read sensitive files on the server where JBoss EAP is deployed. Proper validation and security measures are essential to mitigate these risks.

Affected Version(s)

JBoss Enterprise Application Platform 7.0.5

References

http://www.securityfocus.com/bid/98546

vdb-entryx_refsource_BID

https://bugzilla.redhat.com/show_bug.cgi?id=1451960

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 18, 2017
Vulnerability Reserved
Apr 5, 2017