Lucene search

Veracode Vulnerability DatabaseVERACODE:7341

HistoryAug 21, 2018 - 9:14 a.m.

XML External Entity (XXE)

2018-08-2109:14:23

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.003 Low

EPSS

Percentile

70.9%

JSON

dom4j is vulnerable to XML External Entity (XXE) attacks. The library does not properly validate the attributes that can be inserted by the user, allowing a malicious user to conduct an XXE attack.

CPENameOperatorVersion
dom4jle2.1.0
dom4jeq20040902.021138
dom4jle1.6.1
eap7-jboss-moduleseq1.5.1__1.Final_redhat_1.1.ep7.el6
eap7-jboss-moduleseq1.5.3__1.Final_redhat_1.1.ep7.el6
eap7-jboss-moduleseq1.6.4__1.Final_redhat_1.1.ep7.el6
eap7-jboss-moduleseq1.6.4__1.Final_redhat_1.1.ep7.el7
eap7-jboss-moduleseq1.5.4__1.Final_redhat_1.1.ep7.el6
eap7-jboss-moduleseq1.5.3__1.Final_redhat_1.1.ep7.el7
eap7-jboss-moduleseq1.5.1__1.Final_redhat_1.1.ep7.el7

Name	Operator	Version
dom4j	le	2.1.0
dom4j	eq	20040902.021138
dom4j	le	1.6.1
eap7-jboss-modules	eq	1.5.1__1.Final_redhat_1.1.ep7.el6
eap7-jboss-modules	eq	1.5.3__1.Final_redhat_1.1.ep7.el6
eap7-jboss-modules	eq	1.6.4__1.Final_redhat_1.1.ep7.el6
eap7-jboss-modules	eq	1.6.4__1.Final_redhat_1.1.ep7.el7
eap7-jboss-modules	eq	1.5.4__1.Final_redhat_1.1.ep7.el6
eap7-jboss-modules	eq	1.5.3__1.Final_redhat_1.1.ep7.el7
eap7-jboss-modules	eq	1.5.1__1.Final_redhat_1.1.ep7.el7

Rows per page:

1-10 of 58911

References

access.redhat.com/errata/RHSA-2019:0362

access.redhat.com/errata/RHSA-2019:0364

access.redhat.com/errata/RHSA-2019:0365

access.redhat.com/errata/RHSA-2019:0380

access.redhat.com/errata/RHSA-2019:1159

access.redhat.com/errata/RHSA-2019:1160

access.redhat.com/errata/RHSA-2019:1161

access.redhat.com/errata/RHSA-2019:1162

access.redhat.com/errata/RHSA-2019:3172

github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387

github.com/dom4j/dom4j/issues/48

ihacktoprotect.com/post/dom4j-xml-injection/

lists.apache.org/thread.html/00571f362a7a2470fba50a31282c65637c40d2e21ebe6ee535a4ed74@%3Ccommits.maven.apache.org%3E

lists.apache.org/thread.html/4a77652531d62299a30815cf5f233af183425db8e3c9a824a814e768@%3Cdev.maven.apache.org%3E

lists.apache.org/thread.html/5a020ecaa3c701f408f612f7ba2ee37a021644c4a39da2079ed3ddbc@%3Ccommits.maven.apache.org%3E

lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E

lists.apache.org/thread.html/7e9e78f0e4288fac6591992836d2a80d4df19161e54bd71ab4b8e458@%3Cdev.maven.apache.org%3E

lists.apache.org/thread.html/7f6e120e6ed473f4e00dde4c398fc6698eb383bd7857d20513e989ce@%3Cdev.maven.apache.org%3E

lists.apache.org/thread.html/9d4c1af6f702c3d6d6f229de57112ddccac8ce44446a01b7937ab9e0@%3Ccommits.maven.apache.org%3E

lists.apache.org/thread.html/d7d960b2778e35ec9b4d40c8efd468c7ce7163bcf6489b633491c89f@%3Cdev.maven.apache.org%3E

lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51@%3Cnotifications.freemarker.apache.org%3E

lists.debian.org/debian-lts-announce/2018/09/msg00028.html

lists.fedoraproject.org/archives/list/[email protected]/message/IOOVVCRQE6ATFD2JM2EMDXOQXTRIVZGP/

lists.fedoraproject.org/archives/list/[email protected]/message/KJULAHVR3I5SX7OSMXAG75IMNSAYOXGA/

security.netapp.com/advisory/ntap-20190530-0001/

www.oracle.com/security-alerts/cpuapr2020.html

www.oracle.com/security-alerts/cpuApr2021.html

www.oracle.com/security-alerts/cpujul2020.html

www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

0.003 Low

EPSS

Percentile

70.9%

JSON

Related for VERACODE:7341