Description

It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform.TransformerFactory is vulnerable to XXE. An attacker could use this flaw to launch DoS or SSRF attacks, or read files from the server where EAP is deployed.

Remediation

References

CVE-2017-7503

Related Vulnerabilities

WordPress Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2008-6762)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-4407)

WordPress Plugin Swiss Toolkit For WP Security Bypass (1.0.8)

WordPress Plugin Amazon Tools Cross-Site Scripting (1.7.2)

WordPress Plugin Video Chat Multiple Cross-Site Scripting Vulnerabilities (1.4.1)

Severity

Critical

Classification

CVE-2017-7503 CWE-611 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities