CyberSec.Space Logo
CVEブラウザに戻る

CVE-2018-1000651

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1910%
EPSS Percentile41.62th
Published2018年8月20日
Last Modified2024年11月21日

Vulnerability Description

Stroom version <5.4.5 contains a XML External Entity (XXE) vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted XML file.

Affected Platforms (CPE)

📦
Gchq

Stroom

< 5.4.5

References & Advisories

🔗 https://0dd.zone/2018/08/08/stroom-XXE/
🔗 https://github.com/gchq/stroom/issues/813
🔗 https://0dd.zone/2018/08/08/stroom-XXE/
🔗 https://github.com/gchq/stroom/issues/813

関連する脆弱性情報

CVE-2019-107796.1

All versions of stroom:stroom-app before 5.5.12 and all versions of the 6.0.0 branch before 6.0.25 are affected by Cross-site Scri...

CVE-2018-010110.0

A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could ...

CVE-2018-100012410.0

I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.p...

CVE-2018-409110.0

An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the "Sandbox" component. I...