Xxe

2017-12-2922:29:00

PRIOn knowledge base

www.prio-n.com

8 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.1%

JSON

XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data.

CPENameOperatorVersion
play_frameworkeq2.2.0
play_frameworkeq2.2.0 milestone1
play_frameworkeq2.2.0 milestone2
play_frameworkeq2.2.0 milestone3
play_frameworkeq2.2.1
play_frameworkeq2.2.2
play_frameworkeq2.3.0
play_frameworkeq2.3.0 rc1
play_frameworkeq2.3.0 rc2
play_frameworkeq2.3.1

Name	Operator	Version
play_framework	eq	2.2.0
play_framework	eq	2.2.0 milestone1
play_framework	eq	2.2.0 milestone2
play_framework	eq	2.2.0 milestone3
play_framework	eq	2.2.1
play_framework	eq	2.2.2
play_framework	eq	2.3.0
play_framework	eq	2.3.0 rc1
play_framework	eq	2.3.0 rc2
play_framework	eq	2.3.1

Rows per page:

1-10 of 241

References

groups.google.com/forum/

infocon.org/cons/SyScan/SyScan%202015%20Singapore/SyScan%202015%20Singapore%20presentations/SyScan15%20David%20Jorm%20-%20Finding%20and%20exploiting%20novel%20flaws%20in%20Java%20software.pdf

playframework.com/security/vulnerability/CVE-2014-3630-XmlExternalEntity