CVE-2017-8315
HIGHEclipse IDE <= 2017.2.5 - XML External Entity Injection via AndroidManifest.xml
Title source: llmDescription
Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier was found vulnerable to an XML External Entity attack. An attacker can exploit the vulnerability by implementing malicious code on Androidmanifest.xml.
References (2)
Core 2
Core References
Permissions Required, Vendor Advisory x_refsource_confirm
https://bugs.eclipse.org/bugs/show_bug.cgi?id=519169
Exploit, Technical Description, Third Party Advisory x_refsource_misc
https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/
Scores
CVSS v3
7.5
EPSS
0.0066
EPSS Percentile
71.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-611
Status
published
Products (1)
eclipse/ide
2017.2.5
Published
Apr 20, 2018
Tracked Since
Feb 18, 2026