PT-2018-8385 · Red Hat · JBoss EAP

Jason Shepherd · Published 2018-06-27 · Updated 2023-02-12 · CVE-2017-7465

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: JBoss EAP version 7.0
Description: A code injection issue was found in the JAXP implementation used for XSLT processing, which could allow an attacker to achieve remote code execution if they can provide XSLT content for parsing. The issue involves the use of a javax.xml.transform.TransformerFactory to perform transforms. Setting the XMLConstants.FEATURE_SECURE_PROCESSING feature to true on the factory mitigates this issue.
Recommendations: For JBoss EAP version 7.0, set the XMLConstants.FEATURE_SECURE_PROCESSING feature to true on any TransformerFactory that processes XSLT content which an attacker could supply.
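The following is an added example, not code from the advisory or from Red Hat, showing the unmitigated factory beside the one the recommendation calls for. The stylesheet it runs is a constructed probe: it calls a harmless Java method through the Xalan/XSLTC extension-function namespace so you can see whether the JAXP implementation in your deployment lets XSLT content reach Java at all. It assumes the default TransformerFactory is Xalan or the JDK's XSLTC (which honour that namespace); the two ACCESS_EXTERNAL_* attributes are an extra hardening step beyond the advisory's setting, and the class and method names are this example's own.

```java
import javax.xml.XMLConstants;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;
import java.io.StringReader;
import java.io.StringWriter;

public class XsltHardening {

    // Unmitigated pattern: a default factory compiles whatever stylesheet it is
    // given, including any extension-function calls into Java it contains.
    static TransformerFactory defaultFactory() {
        return TransformerFactory.newInstance();
    }

    // Mitigation from the advisory: FEATURE_SECURE_PROCESSING = true.
    // The ACCESS_EXTERNAL_* attributes (JAXP 1.5+) are an additional step that
    // stops the stylesheet from fetching remote DTDs or xsl:import/include targets.
    static TransformerFactory hardenedFactory() throws TransformerConfigurationException {
        TransformerFactory tf = TransformerFactory.newInstance();
        tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        try {
            tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
            tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
        } catch (IllegalArgumentException e) {
            // Older JAXP implementations may not recognise these attributes;
            // the secure-processing feature above is the advisory's required setting.
        }
        return tf;
    }

    // Applies an untrusted stylesheet to a trivial document and returns the output,
    // or throws if the implementation refuses to compile or run the stylesheet.
    static String transform(TransformerFactory tf, String xslt) throws TransformerException {
        Transformer t = tf.newTransformer(new StreamSource(new StringReader(xslt)));
        StringWriter out = new StringWriter();
        t.transform(new StreamSource(new StringReader("<doc/>")), new StreamResult(out));
        return out.toString();
    }

    // Constructed probe stylesheet (not from the advisory). It reaches a Java method
    // through the extension-function namespace; a harmless call is used because the
    // question is only whether such calls are reachable from attacker-supplied XSLT.
    static final String PROBE_XSLT =
        "<xsl:stylesheet version=\"1.0\""
        + " xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\""
        + " xmlns:java=\"http://xml.apache.org/xalan/java\">"
        + "<xsl:output method=\"text\"/>"
        + "<xsl:template match=\"/\">"
        + "<xsl:value-of select=\"java:java.lang.System.getProperty('java.version')\"/>"
        + "</xsl:template>"
        + "</xsl:stylesheet>";

    public static void main(String[] args) throws Exception {
        try {
            System.out.println("default factory ran the probe, output: "
                + transform(defaultFactory(), PROBE_XSLT));
        } catch (TransformerException e) {
            System.out.println("default factory refused the probe: " + e.getMessage());
        }
        try {
            System.out.println("hardened factory ran the probe, output: "
                + transform(hardenedFactory(), PROBE_XSLT));
        } catch (TransformerException e) {
            System.out.println("hardened factory refused the probe: " + e.getMessage());
        }
    }
}
```

Compile and run it on the JVM that hosts the application (`javac XsltHardening.java && java XsltHardening`). If the first factory prints the JVM version, attacker-controlled XSLT can invoke Java methods in that deployment; with secure processing enabled, Xalan and XSLTC reject the extension-function call with a TransformerException instead of executing it. Apply the hardened factory wherever XSLT arrives from outside the trust boundary, and check it the same way after upgrades, since the factory returned by TransformerFactory.newInstance() depends on what is on the classpath.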

Fix

RCE

XXE

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2017-7465

Affected Products

JBoss EAP