PT-2008-2253 · Sun · Sun Java Runtime Environment

Publicado

2008-02-06

Atualizado

2018-10-15

CVE-2008-0628

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:M/Au:N/C:N/I:P/A:C

Name of the Vulnerable Software and Affected Versions Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier

Description The issue is related to the XML parsing code, which processes external entity references even when the external general entities property is set to false. This allows remote attackers to conduct XML external entity (XXE) attacks, potentially causing a denial of service or accessing restricted resources.

Recommendations For Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier, update to a version later than Update 3 to resolve the issue.

Correção

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CVE-2008-0628

RHSA-2008:0245

Produtos afetados

Sun Java Runtime Environment

PT-2008-2253 · Sun · Sun Java Runtime Environment

CVE-2008-0628

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 20