CVE-2021-33813
published 2021-06-16

CVE-2021-33813: An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.

Priority: P345, high, 7.5 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H
EPSS: 19.44% (97.0th percentile)

Affected

10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | solr | | |
| apache | solr | | |
| apache | tika | | |
| debian | debian_linux | | |
| debian | libjdom1-java | < libjdom1-java 1.1.3-2.1 (bookworm) | libjdom1-java 1.1.3-2.1 (bookworm) |
| debian | libjdom2-intellij-java | < libjdom1-java 1.1.3-2.1 (bookworm) | libjdom1-java 1.1.3-2.1 (bookworm) |
| debian | libjdom2-java | < libjdom1-java 1.1.3-2.1 (bookworm) | libjdom1-java 1.1.3-2.1 (bookworm) |
| fedoraproject | fedora | | |
| jdom | jdom | <= 2.0.6 | |
| oracle | communications_messaging_server | | |

CVSS provenance

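| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | HIGH | |
| vendor_oracle | | 7.5 | HIGH | |
| vendor_redhat | | 7.5 | HIGH | |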