Lucene search

RedhatCVELIST:CVE-2017-7465

HistoryJun 27, 2018 - 4:00 p.m.

CVE-2017-7465

2018-06-2716:00:00

CWE-611

redhat

www.cve.org

9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.7%

JSON

It was found that the JAXP implementation used in JBoss EAP 7.0 for XSLT processing is vulnerable to code injection. An attacker could use this flaw to cause remote code execution if they are able to provide XSLT content for parsing. Doing a transform in JAXP requires the use of a ‘javax.xml.transform.TransformerFactory’. If the FEATURE_SECURE_PROCESSING feature is set to ‘true’, it mitigates this vulnerability.

CNA Affected

[
  {
    "product": "jboss",
    "vendor": "[UNKNOWN]",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

www.securityfocus.com/bid/97605

bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7465

9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.7%

JSON

Related for CVELIST:CVE-2017-7465