exploitDog

bind:CVE-2018-11788

Count: 5


Source: redhat
Vulnerability: CVE-2018-11788

Apache Karaf provides a features deployer, which allows users to "hot deploy" a features XML by dropping the file directly in the deploy folder. The features XML is parsed by the XMLInputFactory class. The Apache Karaf XMLInputFactory class doesn't contain any mitigation code against XXE. This is a potential security risk, as a user can inject external XML entities in Apache Karaf versions prior to 4.1.7 or 4.2.2. It has been fixed in the Apache Karaf 4.1.7 and 4.2.2 releases.

CVSS3: 7.3
EPSS: 25% (Medium)
Published: about 7 years ago

Source: nvd
Vulnerability: CVE-2018-11788

Apache Karaf provides a features deployer, which allows users to "hot deploy" a features XML by dropping the file directly in the deploy folder. The features XML is parsed by the XMLInputFactory class. The Apache Karaf XMLInputFactory class doesn't contain any mitigation code against XXE. This is a potential security risk, as a user can inject external XML entities in Apache Karaf versions prior to 4.1.7 or 4.2.2. It has been fixed in the Apache Karaf 4.1.7 and 4.2.2 releases.

CVSS3: 9.8
EPSS: 25% (Medium)
Published: about 7 years ago

Source: debian
Vulnerability: CVE-2018-11788

Apache Karaf provides a features deployer, which allows users to "hot ...

CVSS3: 9.8
EPSS: 25% (Medium)
Published: about 7 years ago

Source: github
Vulnerability: GHSA-92wj-x78c-m4fx

XML External Entity Reference in Apache Karaf

CVSS3: 9.8
EPSS: 25% (Medium)
Published: about 7 years ago

Source: fstec
Vulnerability: BDU:2019-04862

Vulnerability in the XMLInputFactory class of the Apache Karaf OSGi container that allows an attacker to execute arbitrary code

CVSS3: 9.8
EPSS: 25% (Medium)
Published: about 7 years ago
