CVE-2016-15011
MEDIUMe-Contract dssp <1.3.2 - XML External Entity Reference
Title source: llmDescription
A vulnerability classified as problematic was found in e-Contract dssp up to 1.3.1. Affected by this vulnerability is the function checkSignResponse of the file dssp-client/src/main/java/be/e_contract/dssp/client/SignResponseVerifier.java. The manipulation leads to xml external entity reference. Upgrading to version 1.3.2 is able to address this issue. The identifier of the patch is ec4238349691ec66dd30b416ec6eaab02d722302. It is recommended to upgrade the affected component. The identifier VDB-217549 was assigned to this vulnerability.
References (4)
Core 4
Core References
Permissions Required, Third Party Advisory vdb-entry
technical-description
https://vuldb.com/?id.217549
Permissions Required, Third Party Advisory signature
permissions-required
https://vuldb.com/?ctiid.217549
Patch, Third Party Advisory patch
https://github.com/e-Contract/dssp/commit/ec4238349691ec66dd30b416ec6eaab02d722302
Release Notes, Third Party Advisory patch
https://github.com/e-Contract/dssp/releases/tag/dssp-1.3.2
Scores
CVSS v3
5.5
EPSS
0.0073
EPSS Percentile
49.4%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-611
Status
published
Products (2)
be.e_contract.dssp/dssp-client
0 - 1.3.2Maven
e-contract/dssp
< 1.3.2
Published
Jan 06, 2023
Tracked Since
Feb 18, 2026