admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2017/3xxx/CVE-2017-3208.json
CVE Team bbf865baa4
- Synchronized data.
2018-06-13 12:05:04 -04:00

84 lines
2.8 KiB
JSON
Raw Blame History

{
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2017-3208",
"STATE" : "PUBLIC",
"TITLE" : "The Action Message Format (AMF3) deserializers used by WebORB for Java by Midnight Coders, version 5.1.1.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messages"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "WebORB for Java",
"version" : {
"version_data" : [
{
"affected" : "=",
"version_name" : "5.1.1.0",
"version_value" : "5.1.1.0"
}
]
}
}
]
},
"vendor_name" : "Midnight Coders"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Java implementation of AMF3 deserializers used by WebORB for Java by Midnight Coders, version 5.1.1.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messages. If the XML parsing is handled incorrectly it could potentially expose sensitive data on the server, denial of service, or server side request forgery."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-611: Improper Restriction of XML External Entity Reference ('XXE')"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.securityweek.com/flaws-java-amf-libraries-allow-remote-code-execution",
"refsource" : "MISC",
"url" : "http://www.securityweek.com/flaws-java-amf-libraries-allow-remote-code-execution"
},
{
"name" : "https://codewhitesec.blogspot.com/2017/04/amf.html",
"refsource" : "MISC",
"url" : "https://codewhitesec.blogspot.com/2017/04/amf.html"
},
{
"name" : "VU#307983",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/307983"
},
{
"name" : "97384",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97384"
}
]
},
"source" : {
"discovery" : "UNKNOWN"
}
}
Reference in New Issue View Git Blame Copy Permalink