Lucene search

K

MitreCVELIST:CVE-2016-3674

HistoryMay 17, 2016 - 2:00 p.m.

CVE-2016-3674

2016-05-1714:00:00

mitre

www.cve.org

9

AI Score

7.4

Confidence

High

EPSS

0.002

Percentile

55.3%

Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document.

References

lists.fedoraproject.org/pipermail/package-announce/2016-April/183180.html

lists.fedoraproject.org/pipermail/package-announce/2016-April/183208.html

rhn.redhat.com/errata/RHSA-2016-2822.html

rhn.redhat.com/errata/RHSA-2016-2823.html

www.debian.org/security/2016/dsa-3575

www.openwall.com/lists/oss-security/2016/03/25/8

www.openwall.com/lists/oss-security/2016/03/28/1

www.securityfocus.com/bid/85381

www.securitytracker.com/id/1036419

x-stream.github.io/changes.html#1.4.9

github.com/x-stream/xstream/issues/25

AI Score

7.4

Confidence

High

EPSS

0.002

Percentile

55.3%

Related for CVELIST:CVE-2016-3674

openvas7 debian2 nessus7 fedora3 atlassian4 osv4 nvd1 github1 debiancve1 ibm5 cve1 ubuntucve1 mageia1 prion1 redhat2 ubuntu1 oracle1