CVE-2017-7465

CVSS 9 CRITICALEPSS 3.0%CWE-611

Vexday Risk Score

28Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 9EPSS 3.0%KEV nãoPoC —Patch —

Ciclo de vida

27 jun 2018Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

It was found that the JAXP implementation used in JBoss EAP 7.0 for XSLT processing is vulnerable to code injection. An attacker could use this flaw to cause remote code execution if they are able to provide XSLT content for parsing. Doing a transform in JAXP requires the use of a 'javax.xml.transform.TransformerFactory'. If the FEATURE_SECURE_PROCESSING feature is set to 'true', it mitigates this vulnerability.

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Productos afectados

[UNKNOWN] · jboss

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7465 http://www.securityfocus.com/bid/97605