CVE-2017-7465 Vulnerability Details

  /     /     /  

CVE-2017-7465 Metadata Quick Info

CVE Published: 27/06/2018 | CVE Updated: 05/08/2024 | CVE Year: 2017
Source: redhat | Vendor: [UNKNOWN] | Product: jboss
Status : PUBLISHED

---

CVE-2017-7465 Description

It was found that the JAXP implementation used in JBoss EAP 7.0 for XSLT processing is vulnerable to code injection. An attacker could use this flaw to cause remote code execution if they are able to provide XSLT content for parsing. Doing a transform in JAXP requires the use of a \'javax.xml.transform.TransformerFactory\'. If the FEATURE_SECURE_PROCESSING feature is set to \'true\', it mitigates this vulnerability.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-611
CWE Name: CWE-611
Source: [UNKNOWN]

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).