Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document.
References
Configurations
History
21 Nov 2024, 02:50
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183180.html - Third Party Advisory | |
References | () http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183208.html - Third Party Advisory | |
References | () http://rhn.redhat.com/errata/RHSA-2016-2822.html - Broken Link | |
References | () http://rhn.redhat.com/errata/RHSA-2016-2823.html - Broken Link | |
References | () http://www.debian.org/security/2016/dsa-3575 - Third Party Advisory | |
References | () http://www.openwall.com/lists/oss-security/2016/03/25/8 - Mailing List, Third Party Advisory | |
References | () http://www.openwall.com/lists/oss-security/2016/03/28/1 - Mailing List, Third Party Advisory | |
References | () http://www.securityfocus.com/bid/85381 - Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id/1036419 - Third Party Advisory, VDB Entry | |
References | () http://x-stream.github.io/changes.html#1.4.9 - Vendor Advisory | |
References | () https://github.com/x-stream/xstream/issues/25 - Vendor Advisory |
Information
Published : 2016-05-17 14:08
Updated : 2024-11-21 02:50
NVD link : CVE-2016-3674
Mitre link : CVE-2016-3674
CVE.ORG link : CVE-2016-3674
JSON object : View
Products Affected
debian
- debian_linux
xstream_project
- xstream
fedoraproject
- fedora
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor