CVE-2008-0628
published 2008-02-06CVE-2008-0628: The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the "external general…
high7.8CVSS 3.1
AVNACMAuNCNIPAC
The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the "external general entities" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sun | jdk | — | — |
| sun | jre | <= 1.6.0 | — |