PT-2017-12752 · Ibm+3 · Ibm Sdk+4

Publicado

2017-05-10

Atualizado

2018-01-05

CVE-2017-1289

CVSS v3.1

8.2

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

Name of the Vulnerable Software and Affected Versions IBM SDK, Java Technology Edition (affected versions not specified) zlib (affected versions not specified)

Description The issue concerns an XML External Entity Injection (XXE) error and a denial of service vulnerability. A remote attacker could exploit these vulnerabilities to expose sensitive information, consume memory resources, or cause a denial of service by persuading a victim to open a specially crafted document.

Recommendations For IBM SDK, Java Technology Edition, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For zlib, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

XXE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-611

Identificadores relacionados

CVE-2017-1289

RHSA-2017:1220

RHSA-2017:1221

RHSA-2017:1222

RHSA-2017:3453

RHSA-2017_1220

RHSA-2017_1221

RHSA-2017_1222

SUSE-SU-2017:1384-1

SUSE-SU-2017:1385-1

SUSE-SU-2017:1386-1

SUSE-SU-2017:1387-1

SUSE-SU-2017:1389-1

SUSE-SU-2017:1444-1

Produtos afetados

Ibm Aix

Ibm Sdk

Red Hat

Suse

Zlib

PT-2017-12752 · Ibm+3 · Ibm Sdk+4

CVE-2017-1289

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 34