CVE-2017-3206 Vulnerability Details


CVE-2017-3206 Metadata Quick Info

CVE Published: 11/06/2018 | CVE Updated: 05/08/2024 | CVE Year: 2017
Source: certcc | Vendor: Exadel | Product: Flamingo amf-serializer
Status : PUBLISHED

CVE-2017-3206 Description

The Java implementation of AMF3 deserializers used by Flamingo amf-serializer by Exadel, version 2.2.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messages. If the XML parsing is handled incorrectly, it could expose sensitive data on the server, cause a denial of service, or enable server-side request forgery.
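The defensive configuration that CWE-611 calls for, as an added Java example that is not Flamingo's code and makes no claim about how amf-serializer's own parser is wired: it assumes a JAXP DOM parser (DocumentBuilderFactory) is used to parse the XML string carried inside an AMF3 message, and shows the default (weak) factory beside one with DOCTYPE declarations and external entity resolution disabled, run on a constructed sample payload with a placeholder entity URI.

```java
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;

public class AmfXmlHardening {

    // Weak: JAXP defaults resolve DTDs and external entities, which is the
    // CWE-611 condition the advisory describes.
    static DocumentBuilder weakBuilder() throws ParserConfigurationException {
        return DocumentBuilderFactory.newInstance().newDocumentBuilder();
    }

    // Hardened: refuse any DOCTYPE outright, and also switch off entity and
    // external-DTD resolution in case the parser ignores the first feature.
    static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        // JAXP 1.5 properties: no external DTD or schema access at all.
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        return f.newDocumentBuilder();
    }

    // Parses an XML string the way a deserializer would after pulling it out of
    // an AMF3 message (hypothetical call site; the real one is not on the page).
    static Document parse(DocumentBuilder b, String xml) throws Exception {
        byte[] bytes = xml.getBytes(StandardCharsets.UTF_8);
        return b.parse(new InputSource(new ByteArrayInputStream(bytes)));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: an XML document carrying a DOCTYPE with an external
        // entity. The SYSTEM URI is a placeholder, not a real target.
        String withDoctype = "<?xml version=\"1.0\"?>\n"
            + "<!DOCTYPE d [<!ENTITY ext SYSTEM \"file:///PLACEHOLDER\">]>\n"
            + "<d>&ext;</d>";
        String plain = "<d>hello</d>";

        DocumentBuilder hardened = hardenedBuilder();
        // Ordinary content still parses.
        System.out.println(parse(hardened, plain).getDocumentElement().getTextContent());
        // A DOCTYPE is rejected before any entity can be resolved.
        try {
            parse(hardened, withDoctype);
            System.out.println("unexpected: DOCTYPE accepted");
        } catch (SAXParseException e) {
            System.out.println("rejected DOCTYPE: " + e.getMessage());
        }
    }
}
```

The disallow-doctype-decl feature is the decisive setting: with no DOCTYPE there can be no entity declaration to resolve, so the data-exposure, denial-of-service and SSRF outcomes listed in the description are all cut off at once. The remaining features and the ACCESS_EXTERNAL_* attributes are defence in depth for parsers that do not honour that feature; setAFeature throws ParserConfigurationException if a feature is unsupported, which is worth surfacing rather than swallowing when the parser implementation is not under your control.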

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

Exploitability Metrics:
    Attack Vector (AV)
    Attack Complexity (AC)
    Privileges Required (PR)
    User Interaction (UI)
    Scope (S)

Impact Metrics:
    Confidentiality Impact (C)
    Integrity Impact (I)
    Availability Impact (A)

Weakness Enumeration (CWE)

CWE-ID: CWE-611
CWE Name: CWE-611: Improper Restriction of XML External Entity Reference (XXE)
Source: Exadel

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).