Description
An XML External Entity (XXE) Injection vulnerability was reported in the XPath component of HornetQ.
Affected packages
| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| Red Hat AMQ Broker 7 | artemis | Not affected | | |
| Red Hat JBoss Enterprise Application Platform 5 | hornetq | Not affected | | |
| Red Hat JBoss Enterprise Application Platform 6 | hornetq | Not affected | | |
| Red Hat Satellite 6 | hornetq | Will not fix | | |
| Red Hat Subscription Asset Manager | hornetq | Will not fix | | |
| Red Hat Satellite 6.4 for RHEL 7 | ansiblerole-insights-client | Fixed | RHSA-2018:2927 | 16.10.2018 |
| Red Hat Satellite 6.4 for RHEL 7 | candlepin | Fixed | RHSA-2018:2927 | 16.10.2018 |
| Red Hat Satellite 6.4 for RHEL 7 | createrepo_c | Fixed | RHSA-2018:2927 | 16.10.2018 |
| Red Hat Satellite 6.4 for RHEL 7 | foreman | Fixed | RHSA-2018:2927 | 16.10.2018 |
| Red Hat Satellite 6.4 for RHEL 7 | foreman-bootloaders-redhat | Fixed | RHSA-2018:2927 | 16.10.2018 |
Additional information
Status:
Moderate
Defect:
CWE-611
https://bugzilla.redhat.com/show_bug.cgi?id=1225252 hornetq: XXE/SSRF in XPath selector
4.3 Medium
CVSS2
Related vulnerabilities
nvd
more than 8 years ago
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVSS3: 9.8
github
more than 3 years ago
Withdrawn Advisory: Improper Restriction of XML External Entity Reference in Apache ActiveMQ
4.3 Medium
CVSS2