WSO2 API Manager XML External Entity (XXE) vulnerability

An XML External Entity XXE vulnerability exists in the gateway component of WSO2 API Manager due to insufficient validation of XML input in crafted URL paths. User-supplied XML is parsed without appropriate restrictions, enabling external entity resolution. This vulnerability can be exploited by ...

GHSA-H94W-8QHG-3XMC WSO2 API Manager XML External Entity (XXE) vulnerability

An XML External Entity XXE vulnerability exists in the gateway component of WSO2 API Manager due to insufficient validation of XML input in crafted URL paths. User-supplied XML is parsed without appropriate restrictions, enabling external entity resolution. This vulnerability can be exploited by ...

CVE-2025-2905

The CVE-2025-2905 entry describes an XML External Entity (XXE) vulnerability in the WSO2 API Manager gateway component due to insufficient validation of XML input. The issue allows unauthenticated remote attackers to read server filesystem files and perform denial-of-service (DoS) attacks. Affect...

RHEL 5 : java-1.4.2-ibm (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - OpenJDK: InetSocketAddress serialization issue Networking, 7201071 CVE-2013-0433 - Oracle JDK 7: bypass o...

Action Message Format (AMF3) Java implementations are vulnerable to insecure deserialization and XML external entities references

Overview Several Java implementations of AMF3 are vulnerable to insecure deserialization and XML external entities references. Description Several Java implementations of Action Message Format AMF3 are vulnerable to one or more of the following implementation errors:CWE-502: Deserialization of...

openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2013:0777-1)

java-160-openjdk was updated to 1.12.5 bnc817157 - Security fixes - S6657673, CVE-2013-1518: Issues with JAXP - S7200507: Refactor Introspector internals - S8000724, CVE-2013-2417: Improve networking serialization - S8001031, CVE-2013-2419: Better font processing - S8001040, CVE-2013-1537: Rework...

Java 7 Applet Remote Code Execution

The exploit takes advantage of two issues in JDK 7: The ClassFinder and MethodFinder.findMethod. Both were newly introduced in JDK 7. ClassFinder is a replacement for classForName back in JDK 6. It allows untrusted code to obtain a reference and have access to a restricted package in JDK 7, which...