exploitDog

CVE-2018-15531

Опубликовано: 26 сент. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java.

Ссылки

http://www.openwall.com/lists/oss-security/2018/09/25/3
Mailing List
Third Party Advisory
https://github.com/javamelody/javamelody/commit/ef111822562d0b9365bd3e671a75b65bd0613353
Patch
Vendor Advisory
https://github.com/javamelody/javamelody/wiki/ReleaseNotes
Release Notes
Vendor Advisory
https://jenkins.io/security/advisory/2018-09-25/
Third Party Advisory
http://www.openwall.com/lists/oss-security/2018/09/25/3
Mailing List
Third Party Advisory
https://github.com/javamelody/javamelody/commit/ef111822562d0b9365bd3e671a75b65bd0613353
Patch
Vendor Advisory
https://github.com/javamelody/javamelody/wiki/ReleaseNotes
Release Notes
Vendor Advisory
https://jenkins.io/security/advisory/2018-09-25/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:javamelody_project:javamelody:*:*:*:*:*:*:*:*

Версия до 1.74.0 (исключая)

EPSS

Процентиль: 94%

0.14294

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-611

Связанные уязвимости

GHSA-6fvx-r7hx-3vh6

CVSS3: 9.8

github

больше 7 лет назад

JavaMelody has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java.

EPSS

Процентиль: 94%

0.14294

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-611