EUVD-2016-3424

Malware in sbrugna...

Xxe

The AMF framework in Granite Data Services 3.1.1-SNAPSHOT allows remote authenticated users to read arbitrary files, send TCP requests to intranet servers, or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entit...

CVE-2016-2340

The AMF framework in Granite Data Services 3.1.1-SNAPSHOT allows remote authenticated users to read arbitrary files, send TCP requests to intranet servers, or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entit...

CVE-2016-2340

CVE-2016-2340 affects Granite Data Services (GraniteDS) AMF framework in version 3.1.1-SNAPSHOT. The vulnerability is an XML External Entity (XXE) issue that, when parsing XML, can allow remote authenticated users to read arbitrary files, issue TCP requests to intranet servers, or cause a denial ...

CVE-2016-2340

The AMF framework in Granite Data Services 3.1.1-SNAPSHOT allows remote authenticated users to read arbitrary files, send TCP requests to intranet servers, or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entit...

Granite Data Services AMF framework fails to properly parse XML input containing a reference to external entities

Overview Granite Data Services version 3.1.1-SNAPSHOT AMF framework is vulnerable to XML external entity XXE attack that may be leveraged to expose sensitive data on the host.. Description CWE-611- Improper Restriction of XML External Entity Reference 'XXE' - CVE-2016-2340 Granite Data Services...