CVE-2017-3208

Name of the Vulnerable Software and Affected Versions: WebORB for Java version 5.1.1.0

Description: The issue concerns the Java implementation of AMF3 deserializers in WebORB for Java, which allows external entity references (XXEs) from XML documents embedded within AMF3 messages. This could potentially expose sensitive data on the server, lead to denial of service, or enable server-side request forgery.

Recommendations: For version 5.1.1.0, consider disabling the AMF3 deserialization functionality until a patch is available to prevent potential exploitation. Restrict access to sensitive data on the server and monitor for signs of denial of service or server-side request forgery.