Описание
An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.
Отчет
In OpenShift Container Platform (OCP), the hive and hadoop components that comprise the OCP metering stack, ship the vulnerable version of jdom. Since the release of OCP 4.6, the metering product has been deprecated [1], hence the affected components are marked as wontfix. This may be fixed in the future. This flaw is out of support scope for Red Hat Enterprise Linux 6 and 7. Please see the following page for more information on Red Hat Enterprise Linux support scopes: https://access.redhat.com/support/policy/updates/errata/ . [1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat BPM Suite 6 | jdom | Out of support scope | ||
| Red Hat BPM Suite 6 | jdom2 | Out of support scope | ||
| Red Hat CodeReady Studio 12 | jdom | Will not fix | ||
| Red Hat Enterprise Linux 6 | jdom | Out of support scope | ||
| Red Hat Enterprise Linux 7 | jdom | Out of support scope | ||
| Red Hat JBoss A-MQ 6 | jdom | Out of support scope | ||
| Red Hat JBoss BRMS 5 | jdom | Out of support scope | ||
| Red Hat JBoss BRMS 5 | jdom2 | Out of support scope | ||
| Red Hat JBoss BRMS 6 | jdom | Out of support scope | ||
| Red Hat JBoss Data Grid 7 | jdom | Out of support scope |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.
An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.
An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to c ...
EPSS
7.5 High
CVSS3