Lucene search
Veracode Vulnerability DatabaseVERACODE:3864HistoryApr 09, 2017 - 9:47 a.m.
External XML Entity (XXE) Attacks
2017-04-0909:47:43
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.001 Low
EPSS
Percentile
29.8%
ignite-core is vulnerable external XML entity (XXE) attacks. The update notifier component sends sensitive system data over an unsecured HTTP connection. Since TLS is not used man-in-the-middle (MitM) attacks also possible. Attackers can alter the response coming from the server the information is sent to. This response is then parsed as XML leading to an XXE attack.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ignite-core | le | 1.1.0-incubating | |
| ignite-core | le | 1.8.0 |
Related
github
github
Moderate severity vulnerability that affects org.apache.ignite:ignite-core
2018-10-16 20:53:31
nvd
nvd
CVE-2016-6805
2017-04-07 19:59:00
osv
osv
Moderate severity vulnerability that affects org.apache.ignite:ignite-core
2018-10-16 20:53:31
CVE-2016-6805
2017-04-07 19:59:00
cvelist
cvelist
CVE-2016-6805
2017-04-07 19:00:00
cve
cve
CVE-2016-6805
2017-04-07 19:59:00
prion
prion
Code injection
2017-04-07 19:59:00