PT-2018-8385 · Red Hat · Jboss Eap
Jason Shepherd
Published 2018-06-27 · Updated 2023-02-12
CVE-2017-7465
CVSS v3.1: 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
JBoss EAP version 7.0
Description
A code injection issue was found in the JAXP implementation used for XSLT processing, which could allow an attacker to achieve remote code execution if they can provide XSLT content for parsing. The issue involves the use of a javax.xml.transform.TransformerFactory for doing transforms. Setting the FEATURE_SECURE_PROCESSING feature to true mitigates this issue.
Recommendations
For JBoss EAP version 7.0, set the FEATURE_SECURE_PROCESSING feature to true to mitigate the issue.
Fix
RCE
XXE
Code Injection
Related identifiers
Affected products
Jboss Eap