CRITICAL🇬🇧 English

CVE-2018-1000651

CVSS 10.0v3.0pub. 2018-08-20upd. 2024-11-21

Stroom version <5.4.5 contains a XML External Entity (XXE) vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted XML file.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Gchq Stroom

    APP
    Gchq
    < 5.4.5
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
DoSXXE
CWE
Referencje

Powiązane podatności

CVE-2019-10779MEDIUM6.1ten sam produkt

All versions of stroom:stroom-app before 5.5.12 and all versions of the 6.0.0 branch before 6.0.25 are affecte...

CVE-2019-15532MEDIUM6.1ten sam vendor

CyberChef before 8.31.2 allows XSS in core/operations/TextEncodingBruteForce.mjs.