CVE-2017-7503

2017-05-18 08:19:26
Source: redhat.com (access.redhat.com)
Score: 7

EPSS: 0.002 (Low)
EPSS percentile: 62.1%

It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform.TransformerFactory is vulnerable to XXE (XML External Entity injection). An attacker could use this flaw to launch DoS or SSRF attacks, or to read files from the server where EAP is deployed.

Mitigation

This issue affects processing of XML content from an untrusted source using a javax.xml.transform.TransformerFactory. The only safe way to process untrusted XML content with a TransformerFactory is to use the StAX API. StAX is a safe implementation on EAP 7.0.x because the XML content is not read in its entirety in order to parse it. As a developer using StAX, you decide which XML stream events you want to react to, so XXE control constructs won't be processed automatically by the parser.
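As an added illustration of the StAX approach described above (example code, not from the Red Hat advisory or from EAP itself), the reader below pulls events one at a time, reacts only to the elements it cares about, and is configured to refuse DTDs so an external entity declaration is never resolved. The sample document and the `file:///placeholder/path` URI are constructed for the demonstration.

```java
import java.io.StringReader;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;

public class StaxXxeSafeRead {
    // Constructed sample: a document that declares an external entity,
    // the kind of control construct an XXE payload relies on.
    static final String SAMPLE =
        "<?xml version=\"1.0\"?>\n"
      + "<!DOCTYPE data [<!ENTITY ext SYSTEM \"file:///placeholder/path\">]>\n"
      + "<data><name>&ext;</name></data>";

    static XMLInputFactory hardenedFactory() {
        XMLInputFactory f = XMLInputFactory.newInstance();
        // Refuse DTD processing: with no DTD there is nowhere to declare entities.
        f.setProperty(XMLInputFactory.SUPPORT_DTD, false);
        // Never resolve external entities even if a DTD were tolerated.
        f.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        return f;
    }

    /** Pulls stream events and collects only the text inside <name> elements. */
    static String readNames(String xml) throws XMLStreamException {
        XMLStreamReader r = hardenedFactory().createXMLStreamReader(new StringReader(xml));
        StringBuilder out = new StringBuilder();
        boolean inName = false;
        while (r.hasNext()) {
            switch (r.next()) {
                case XMLStreamConstants.START_ELEMENT:
                    inName = "name".equals(r.getLocalName()); break;
                case XMLStreamConstants.CHARACTERS:
                    if (inName) out.append(r.getText()); break;
                case XMLStreamConstants.ENTITY_REFERENCE:
                    break; // an unresolved entity is just an event we choose to ignore
                case XMLStreamConstants.END_ELEMENT:
                    inName = false; break;
                default: break;
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        try {
            System.out.println("names=" + readNames(SAMPLE));
        } catch (XMLStreamException e) {
            // Depending on the StAX implementation the DOCTYPE is either skipped
            // or rejected here; in neither case is the external resource fetched.
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```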
