CVE-2016-3674
Severity
7.5HIGH
EPSS
2.9%
top 13.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 17
Latest updateAug 22
Description
Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6
Affected Packages5 packages
Also affects: Debian Linux 8.0, Fedora 22, 23
🔴Vulnerability Details
5CVEList▶
CVE-2016-3674: Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) Standa↗2016-05-17
OSV▶
CVE-2016-3674: Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) Standa↗2016-05-17
📋Vendor Advisories
3💬Community
4Bugzilla▶
CVE-2016-3674 jenkins-xstream: XStream: enabled processing of external entities [fedora-all]↗2016-03-29