CVE-2018-1000632

Опубликовано: 01 июл. 2018

Источник: redhat

CVSS3: 5.3

EPSS Низкий

Описание

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat BPM Suite 6	dom4j	Out of support scope
Red Hat Decision Manager 7	dom4j	Not affected
Red Hat Enterprise Linux 7	dom4j	Will not fix
Red Hat JBoss BRMS 5	dom4j	Out of support scope
Red Hat JBoss BRMS 6	dom4j	Out of support scope
Red Hat JBoss Enterprise Application Platform 5	dom4j	Will not fix
Red Hat JBoss Enterprise Web Server 2	dom4j	Will not fix
Red Hat JBoss Enterprise Web Server 3	dom4j	Will not fix
Red Hat JBoss Fuse 6	dom4j	Out of support scope
Red Hat JBoss Fuse Service Works 6	dom4j	Out of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-88

https://bugzilla.redhat.com/show_bug.cgi?id=1620529dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents

EPSS

Процентиль: 81%

0.01611

Низкий

5.3 Medium

CVSS3

Связанные уязвимости

CVE-2018-1000632

CVSS3: 7.5

ubuntu

больше 7 лет назад

CVE-2018-1000632

CVSS3: 7.5

nvd

больше 7 лет назад

CVE-2018-1000632

CVSS3: 7.5

debian

больше 7 лет назад

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection ...

openSUSE-SU-2018:3998-1

suse-cvrf

около 7 лет назад

Security update for dom4j

openSUSE-SU-2018:2931-1

suse-cvrf

больше 7 лет назад

Security update for dom4j

EPSS

Процентиль: 81%

0.01611

Низкий

5.3 Medium

CVSS3