CVE-2017-7464
It was found that the JAXP implementation used in JBoss EAP 7.0 for SAX and DOM parsing is vulnerable to certain XXE flaws. An attacker could use this flaw to cause DoS, SSRF, or information disclosure if they are able to provide XML content for parsing...
CVE-2017-7464
CVE-2017-7464 affects Red Hat JBoss EAP 7.x via the JAXP XML parser used for SAX/DOM parsing. The root cause is XXE flaws that could allow DoS, SSRF, or information disclosure when parsing XML content. Public sources describe affected software as JBoss EAP 7.0 and advise remediation by updating t...
Code injection
It was found that the JAXP implementation used in JBoss EAP 7.0 for XSLT processing is vulnerable to code injection. An attacker could use this flaw to cause remote code execution if they are able to provide XSLT content for parsing. Doing a transform in JAXP requires the use of a...
CVE-2017-7465
It was found that the JAXP implementation used in JBoss EAP 7.0 for XSLT processing is vulnerable to code injection. An attacker could use this flaw to cause remote code execution if they are able to provide XSLT content for parsing. Doing a transform in JAXP requires the use of a...
CVE-2017-7465
CVE-2017-7465 affects JBoss EAP 7.0 where the JAXP XSLT processing can be exploited for remote code execution if an attacker provides crafted XSLT content. The root cause involves TransformerFactory usage in JAXP during transforms. Mitigation is to enable the FEATURE_SECURE_PROCESSING flag (e.g.,...
RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.0.7 on RHEL 6 (Important) (RHSA-2017:1834)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:1834 advisory. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red...
RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.0.7 on RHEL 7 (Important) (RHSA-2017:1835)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:1835 advisory. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red...
CVE-2017-7464
It was found that the JAXP implementation used in EAP 7.0 for SAX and DOM parsing is vulnerable to certain XXE flaws. An attacker could use this flaw to cause DoS, SSRF, or information disclosure if they are able to provide XML content for parsing. Mitigation: Enable the security features of the...
CVE-2017-7465
It was found that the JAXP implementation used in EAP 7.0 for XSLT processing is vulnerable to code injection. An attacker could use this flaw to cause remote code execution if they are able to provide XSLT content for parsing. Mitigation: Doing a transform in JAXP requires the use of a...
Critical: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.0 security update
A security update is now available for Red Hat JBoss Enterprise Application Platform from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...