Описание
XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving XmlVTI and the XML datatype.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| derby | fixed | 10.13.1.1-1 | package | |
| derby | no-dsa | jessie | package |
Примечания
https://issues.apache.org/jira/browse/DERBY-6807
https://svn.apache.org/viewvc?view=revision&revision=1691461
Fixed in 10.12.1.1
Связанные уязвимости
XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving XmlVTI and the XML datatype.
XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving XmlVTI and the XML datatype.
XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving XmlVTI and the XML datatype.
Improper Restriction of XML External Entity Reference in Apace Derby
Уязвимость системы управления базами данных Apache Derby, связанная с ошибками управления ресурсом, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании