Description

It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform.TransformerFactory is vulnerable to XXE. An attacker could use this flaw to launch DoS or SSRF attacks, or read files from the server where EAP is deployed.

Remediation

References

CVE-2017-7503

Related Vulnerabilities

PostgreSQL Improper Access Control Vulnerability (CVE-2019-10130)

WordPress Plugin Real Media Library:Media Library Folder & File Manager Cross-Site Scripting (4.18.28)

IBM WebSEAL Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-4725)

WordPress Plugin Error Log Viewer by BestWebSoft Cross-Site Scripting (1.0.5)

MySQL CVE-2012-2750 Vulnerability (CVE-2012-2750)

Severity

Critical

Classification

CVE-2017-7503 CWE-611 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities