CVE-2017-7503 — XML External Entity (XXE) Injection in HAT INC Jboss Enterprise Application Platform

CWE-611 — XML External Entity (XXE) Injection6 documents5 sources

Severity

9.8CRITICALNVD

EPSS

0.7%

top 28.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

RED HAT INC Jboss Enterprise Application Platform Redhat Jboss Enterprise Application Platform

Timeline

PublishedMay 18

Latest updateMay 17

Description

It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform.TransformerFactory is vulnerable to XXE. An attacker could use this flaw to launch DoS or SSRF attacks, or read files from the server where EAP is deployed.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDredhat/jboss_enterprise_application_platform7.0.5

▶CVEListV5red_hat_inc/jboss_enterprise_application_platform7.0.5

🔴Vulnerability Details

GHSA

GHSA-2f38-5w6m-7c6f: It was found that the Red Hat JBoss EAP 7↗2022-05-17

▶

CVEList

CVE-2017-7503: It was found that the Red Hat JBoss EAP 7↗2017-05-18

▶

📋Vendor Advisories

Red Hat

EAP: XXE issue in TransformerFactory↗2017-05-18

▶

💬Community

Bugzilla

CVE-2017-7503 wildfly: EAP: XXE issue in TransformerFactory [fedora-all]↗2017-05-18

▶

Bugzilla

CVE-2017-7503 EAP: XXE issue in TransformerFactory↗2017-05-18

▶