Executive Summary
Summary | |
---|---|
Title | Granite Data Services AMF framework fails to properly parse XML input containing a reference to external entities |
Informations | |||
---|---|---|---|
Name | VU#279472 | First vendor Publication | 2016-03-24 |
Vendor | VU-CERT | Last vendor Modification | 2016-03-24 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:S/C:P/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 5.5 | Attack Range | Network |
Cvss Impact Score | 4.9 | Attack Complexity | Low |
Cvss Expoit Score | 8 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#279472Granite Data Services AMF framework fails to properly parse XML input containing a reference to external entitiesOverviewGranite Data Services version 3.1.1-SNAPSHOT AMF framework is vulnerable to XML external entity (XXE) attack that may be leveraged to expose sensitive data on the host.. Description
Impact
Solution
Vendor Information (Learn More)No information available. If you are a vendor and your product is affected, let us know. CVSS Metrics (Learn More)
References
CreditThanks to Travis Emmert for reporting this vulnerability. This document was written by Kyle O'Meara. Other Information
FeedbackIf you have feedback, comments, or additional information about this vulnerability, please send us email. |
Original Source
Url : http://www.kb.cert.org/vuls/id/279472 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-200 | Information Exposure |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 4 | |
Application | 1 | |
Application | 4 |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2015-09-03 | IAVM : 2015-A-0205 - Adobe Cold Fusion Information Disclosure Vulnerability Severity : Category I - VMSKEY : V0061363 |
2015-08-20 | IAVM : 2015-B-0102 - Adobe LiveCycle Data Services Information Disclosure Vulnerability Severity : Category I - VMSKEY : V0061331 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-09 | Name : The remote host is affected by an external entity injection vulnerability. File : hp_operations_manager_i_hpsbgn03550.nasl - Type : ACT_GATHER_INFO |
2015-12-22 | Name : The remote host has a virtualization management application installed that is... File : vmware_vcenter_vmsa-2015-0008.nasl - Type : ACT_GATHER_INFO |
2015-09-03 | Name : A web-based application running on the remote Windows host is affected by an ... File : coldfusion_win_apsb15-21.nasl - Type : ACT_GATHER_INFO |
2015-04-13 | Name : The remote Windows host has an application installed that is affected by mult... File : vmware_horizon_view_VMSA-2015-0003.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2017-04-07 09:23:17 |
|
2016-03-29 05:29:04 |
|
2016-03-26 00:27:07 |
|
2016-03-24 17:22:19 |
|