PT-2017-9774 · Apache · Apache Abdera Parser
0Ang3El
Published: 2017-08-10 · Updated: 2022-05-13 · CVE-2016-8739
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Apache CXF versions prior to 3.0.12
Apache CXF versions 3.1.x prior to 3.1.9
Description
The issue concerns the JAX-RS module in Apache CXF, which provides Atom JAX-RS MessageBodyReaders that utilize the Apache Abdera Parser. This parser expands XML entities by default, posing a significant XML External Entity (XXE) risk.
Recommendations
For Apache CXF versions prior to 3.0.12, update to version 3.0.12 or later.
For Apache CXF versions 3.1.x prior to 3.1.9, update to version 3.1.9 or later.
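To check a project's dependencies against the affected ranges listed above, the following added example (not part of the advisory or of Apache CXF) audits dependency lines. It assumes input in the `group:artifact:type:version:scope` form printed by `mvn dependency:list`; the sample lines are constructed.

```python
import re

# Fixed releases named in this advisory (CVE-2016-8739):
# anything prior to 3.0.12 is affected, and 3.1.x prior to 3.1.9.
FIXED_30 = (3, 0, 12)
FIXED_31 = (3, 1, 9)

def parse_version(text):
    """Return (major, minor, patch), or None when the string is not numeric."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def is_affected(version):
    """True/False per the advisory ranges; None means 'needs manual review'."""
    v = parse_version(version)
    if v is None:
        return None
    # A qualified build of a fixed release (e.g. 3.1.9-SNAPSHOT) may predate the fix.
    if version != ".".join(map(str, v)) and v in (FIXED_30, FIXED_31):
        return None
    if v[:2] == (3, 1):
        return v < FIXED_31
    return v < FIXED_30

def audit(dependency_lines):
    """Return (artifact, version, status) for every CXF line that is not clean."""
    findings = []
    for line in dependency_lines:
        parts = line.replace("[INFO]", "").strip().split(":")
        if len(parts) < 5 or parts[0] != "org.apache.cxf":
            continue
        artifact, version = parts[1], parts[-2]
        status = is_affected(version)
        if status is not False:
            findings.append((artifact, version, "affected" if status else "review"))
    return findings

# Constructed sample input, not taken from a real build.
SAMPLE = [
    "[INFO]    org.apache.cxf:cxf-rt-frontend-jaxrs:jar:3.1.8:compile",
    "[INFO]    org.apache.cxf:cxf-core:jar:3.0.12:compile",
    "[INFO]    org.apache.cxf:cxf-rt-frontend-jaxrs:jar:2.7.18:compile",
    "[INFO]    org.apache.cxf:cxf-core:jar:3.1.9-SNAPSHOT:compile",
    "[INFO]    org.apache.abdera:abdera-parser:jar:1.1.3:compile",
]

if __name__ == "__main__":
    for artifact, version, status in audit(SAMPLE):
        print(f"{status:8} {artifact} {version}")
```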
Fix
XXE
Affected Products
Apache Abdera Parser
Apache CXF