CVE-2015-1832

XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving XmlVTI and the XML datatype.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:derby:10.1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:derby:10.1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:derby:10.1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:derby:10.2.1.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:derby:10.2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:derby:10.3.3.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:derby:10.4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:derby:10.4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:derby:10.5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:derby:10.5.3.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:derby:10.6.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:derby:10.6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:derby:10.7.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:derby:10.8.1.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:derby:10.8.2.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:derby:10.8.3.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:derby:10.9.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:derby:10.10.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:derby:10.10.2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:derby:10.11.1.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2016-10-03 21:59

Updated : 2024-02-04 18:53


NVD link : CVE-2015-1832

Mitre link : CVE-2015-1832

CVE.ORG link : CVE-2015-1832


JSON object : View

Products Affected

apache

  • derby
CWE
CWE-399

Resource Management Errors

CWE-611

Improper Restriction of XML External Entity Reference