CyberSec.Space Logo
Back to CVE Browser

CVE-2018-1000651

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1910%
EPSS Percentile41.62th
PublishedAug 20, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

Stroom version <5.4.5 contains a XML External Entity (XXE) vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted XML file.

Affected Platforms (CPE)

πŸ“¦
Gchq

Stroom

< 5.4.5

References & Advisories

πŸ”— https://0dd.zone/2018/08/08/stroom-XXE/
πŸ”— https://github.com/gchq/stroom/issues/813
πŸ”— https://0dd.zone/2018/08/08/stroom-XXE/
πŸ”— https://github.com/gchq/stroom/issues/813

Related Vulnerabilities

CVE-2019-107796.1

All versions of stroom:stroom-app before 5.5.12 and all versions of the 6.0.0 branch before 6.0.25 are affected by Cross-site Scri...

CVE-2018-010110.0

A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could ...

CVE-2018-487210.0

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006...

CVE-2018-1071810.0

Stack-based buffer overflow in Activision Infinity Ward Call of Duty Modern Warfare 2 before 2018-04-26 allows remote attackers to...