Veracode Vulnerability DatabaseVERACODE:36421Remote Code Execution
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
34.6%
xalan:xalan is vulnerable to remote code execution. An attacker is able to corrupt Java class files generated by the internal XSLTC compiler and execute harmful Java bytecodes on the host machine due to an integer truncation flaw which occurs during XSLT style sheet processing.
References
packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html
www.openwall.com/lists/oss-security/2022/07/19/5
www.openwall.com/lists/oss-security/2022/07/19/6
www.openwall.com/lists/oss-security/2022/07/20/2
www.openwall.com/lists/oss-security/2022/07/20/3
www.openwall.com/lists/oss-security/2022/10/18/2
www.openwall.com/lists/oss-security/2022/11/04/8
www.openwall.com/lists/oss-security/2022/11/07/2
lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw
lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8
lists.debian.org/debian-lts-announce/2022/10/msg00024.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/
lists.fedoraproject.org/archives/list/[email protected]/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/
lists.fedoraproject.org/archives/list/[email protected]/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/
lists.fedoraproject.org/archives/list/[email protected]/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/
lists.fedoraproject.org/archives/list/[email protected]/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/
lists.fedoraproject.org/archives/list/[email protected]/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/
lists.fedoraproject.org/archives/list/[email protected]/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/
security.netapp.com/advisory/ntap-20220729-0009/
www.debian.org/security/2022/dsa-5188
www.debian.org/security/2022/dsa-5192
www.debian.org/security/2022/dsa-5256
www.openwall.com/lists/oss-security/2022/07/19/6
www.oracle.com/security-alerts/cpujul2022.html
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
34.6%