CVE-2017-7503
Severity: CRITICAL
Red Hat JBoss Enterprise Application Platform 7.0.5 - XML External Entity Injection via TransformerFactory
Title source: manual
Description
It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform.TransformerFactory is vulnerable to XXE. An attacker could use this flaw to launch DoS or SSRF attacks, or read files from the server where EAP is deployed.
References (2)
Third Party Advisory, VDB Entry (x_refsource_bid): http://www.securityfocus.com/bid/98546
Issue Tracking, Third Party Advisory, VDB Entry (x_refsource_confirm): https://bugzilla.redhat.com/show_bug.cgi?id=1451960
Scores
CVSS v3
9.8
EPSS
0.0201
EPSS Percentile
78.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-611
Status
published
Products (2)
Red Hat, Inc./JBoss Enterprise Application Platform
7.0.5
redhat/jboss_enterprise_application_platform
7.0.5
Published
May 18, 2017
Tracked Since
Feb 18, 2026