3 matches found
CVE-2017-3206
The Java implementation of AMF3 deserializers used by Flamingo amf-serializer by Exadel, version 2.2.0, allows external entity references XXEs from XML documents embedded within AMF3 messages. If the XML parsing is handled incorrectly it could potentially expose sensitive data on the server, deni...
CVE-2017-3206
CVE-2017-3206 affects Flamingo amf-serializer (Exadel) AMF3 deserializers; version 2.2.0 is vulnerable to XML External Entity (XXE) references from XML in AMF3 messages, potentially exposing data, causing DoS, or enabling SSRF. Remediation: apply an update to a newer version where XXE is addresse...
AMF3 Java implementations Improper Restriction of XML External Entity Reference ('XXE')
A detailed analysis of the reference: https://codewhitesec.blogspot.kr/2017/04/amf.html Some Java implementations of AMF3 deserializers allow the external entity references XXEs from XML documents embedded within AMF3 messages. If the XML parsing is handled incorrectly it could potentially expose...