17 matches found
Linux Distros Unpatched Vulnerability : CVE-2016-3674
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple XML external entity XXE vulnerabilities in the 1 Dom4JDriver, 2 DomDriver, 3 JDomDriver, 4 JDom2Driver, 5 SjsxpDriver, 6 StandardStaxDriver, and 7...
Upgrade Xstream to address CVE-2016-3674
The bundled version of XStream in Crucible before version 4.7.1 was vulnerable to CVE-2016-3674 https://nvd.nist.gov/vuln/detail/CVE-2016-3674...
Upgrade Xstream to address CVE-2016-3674
The bundled version of XStream in Crucible before version 4.7.1 was vulnerable to CVE-2016-3674 https://nvd.nist.gov/vuln/detail/CVE-2016-3674...
Upgrade Xstream to address CVE-2016-3674
The bundled version of XStream in Fisheye before version 4.7.1 was vulnerable to CVE-2016-3674 https://nvd.nist.gov/vuln/detail/CVE-2016-3674...
Upgrade Xstream to address CVE-2016-3674
The bundled version of XStream in Fisheye before version 4.7.1 was vulnerable to CVE-2016-3674 https://nvd.nist.gov/vuln/detail/CVE-2016-3674...
Moderate: Red Hat Security Advisory: Red Hat JBoss BPM Suite security update
An update is now available for Red Hat JBoss BPM Suite. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...
CVE-2016-3674
Multiple XML external entity XXE vulnerabilities in the 1 Dom4JDriver, 2 DomDriver, 3 JDomDriver, 4 JDom2Driver, 5 SjsxpDriver, 6 StandardStaxDriver, and 7 WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document...
CVE-2016-3674
Summary: CVE-2016-3674 is an XML External Entity (XXE) vulnerability affecting XStream before 1.4.9, exploitable via crafted XML in multiple drivers (Dom4JDriver, DomDriver, JDomDriver, JDom2Driver, SjsxpDriver, StandardStaxDriver, WstxDriver). Root cause: insecure processing of XML external enti...
CVE-2016-3674
Multiple XML external entity XXE vulnerabilities in the 1 Dom4JDriver, 2 DomDriver, 3 JDomDriver, 4 JDom2Driver, 5 SjsxpDriver, 6 StandardStaxDriver, and 7 WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document...
CVE-2016-3674
Multiple XML external entity XXE vulnerabilities in the 1 Dom4JDriver, 2 DomDriver, 3 JDomDriver, 4 JDom2Driver, 5 SjsxpDriver, 6 StandardStaxDriver, and 7 WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document...
Debian DSA-3575-1 : libxstream-java - security update
It was discovered that XStream, a Java library to serialize objects to XML and back again, was susceptible to XML External Entity attacks. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory...
[SECURITY] [DSA 3575-1] libxstream-java security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3575-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 12, 2016 https://www.debian.org/security/faq -...
Debian: Security Advisory (DSA-3575-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2016-0164 Updated xstream packages fix CVE-2016-3674
Updated xstream packages fix security vulnerability: XStream x-stream.github.io is a Java library to marshal Java objects into XML and back. For this purpose it supports a lot of different XML parsers. Some of those can also process external entities which was enabled by default. An attacker coul...
Fedora 22 : xstream-1.4.9-1.fc22 (2016-250042b8a6)
Security fix for CVE-2016-3674 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...
Fedora Update for xstream FEDORA-2016-250042
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 24 : xstream-1.4.9-1.fc24 (2016-175b56bb05)
Security fix for CVE-2016-3674 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...