PT-2017-17776 · Red Hat · Red Hat Jboss Eap

Jason Shepherd · Published 2017-05-18 · Updated 2017-05-31 · CVE-2017-7503

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Red Hat JBoss EAP version 7.0.5

Description: The javax.xml.transform.TransformerFactory implementation in Red Hat JBoss EAP is vulnerable to XML External Entity (XXE) attacks. An attacker could use this to launch Denial of Service (DoS) or Server-Side Request Forgery (SSRF) attacks, or to read files from the server where EAP is deployed.

Recommendations: For Red Hat JBoss EAP version 7.0.5, update the javax.xml.transform.TransformerFactory implementation to prevent XXE attacks. As a temporary workaround, consider restricting access to sensitive files on the server and implementing network controls to minimize the risk of SSRF attacks.

Fix · DoS · XXE


Weakness Enumeration

Related Identifiers: CVE-2017-7503

Affected Products: Red Hat Jboss Eap