Lucene search

K

Themidnightcoders Security Vulnerabilities

cve
cve

CVE-2017-3208

The Java implementation of AMF3 deserializers used by WebORB for Java by Midnight Coders, version 5.1.1.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messages. If the XML parsing is handled incorrectly it could potentially expose sensitive data on the server,.....

9.8CVSS

9.4AI Score

0.004EPSS

2018-06-11 05:29 PM
27
cve
cve

CVE-2017-3207

The Java implementations of AMF3 deserializers in WebORB for Java by Midnight Coders, version 5.1.1.0, derive class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an...

9.8CVSS

9.6AI Score

0.037EPSS

2018-06-11 05:29 PM
28