Lucene search
+L

166 matches found

redhat
redhat
added 2014/07/16 6:12 p.m.9 views

PicketLink: XXE via insecure DocumentBuilderFactory usage

It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the...

7.5CVSS5.7AI score0.03857EPSS
Exploits0References4
redhat
redhat
added 2014/07/16 6:12 p.m.7 views

PicketLink: XXE via insecure DocumentBuilderFactory usage

It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the...

7.5CVSS5.7AI score0.03857EPSS
Exploits0References4
redhat
redhat
added 2014/07/16 12:17 a.m.5 views

PicketLink: XXE via insecure DocumentBuilderFactory usage

It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the...

7.5CVSS5.7AI score0.03857EPSS
Exploits0References4
redhat
redhat
added 2014/07/16 12:7 a.m.6 views

PicketLink: XXE via insecure DocumentBuilderFactory usage

It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the...

7.5CVSS5.7AI score0.03857EPSS
Exploits0References4
redhat
redhat
added 2014/07/15 5:24 p.m.6 views

PicketLink: XXE via insecure DocumentBuilderFactory usage

It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the...

7.5CVSS5.7AI score0.03857EPSS
Exploits0References4
redhat
redhat
added 2014/07/15 5:13 p.m.6 views

PicketLink: XXE via insecure DocumentBuilderFactory usage

It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the...

7.5CVSS5.7AI score0.03857EPSS
Exploits0References4
Rows per page
Query Builder