XStream CVE-2016-3674 XML External Entity Multiple Information Disclosure Vulnerabilities



XStream is prone to multiple information-disclosure vulnerabilities.

An attacker can exploit these issues to gain access to sensitive information from the application; this may lead to further attacks.

Note: This issue was previously titled 'XStream XML External Entity Denial of Service Vulnerability'. The title has been changed to better reflect the vulnerability information.

Versions prior to XStream 1.4.9 are vulnerable.

Information

Bugtraq ID: 85381
Class: Input Validation Error
CVE: CVE-2016-3674

Remote: Yes
Local: No
Published: Mar 25 2016 12:00AM
Updated: Apr 19 2017 07:05PM
Credit: Jörg Schaible
Vulnerable: XStream XStream 1.4.8
Oracle Utilities Framework 4.3.0.3.0
Oracle Utilities Framework 4.3.0.2.0
Oracle Utilities Framework 4.3.0.1.0
Oracle Utilities Framework 4.2.0.3.0
Oracle Utilities Framework 4.2.0.2.0
Oracle Utilities Framework 4.2.0.1.0
Oracle Utilities Framework 4.1.0.2.0
Oracle Utilities Framework 4.1.0.1.0
Oracle Utilities Framework 2.2.0.0.0
IBM Tivoli Netcool Configuration Manager 6.4.1
IBM Tivoli Netcool Configuration Manager 6.4.2.2
IBM Tivoli Netcool Configuration Manager 6.4.2.1
IBM Tivoli Netcool Configuration Manager 6.4.2.0
IBM Tivoli Netcool Configuration Manager 6.4.1.4
IBM Tivoli Netcool Configuration Manager 6.4.1.3
IBM Tivoli Netcool Configuration Manager 6.4.1.2
IBM Domino 8.5.3 FP 6 IF 13
IBM Domino 8.5
IBM Domino 9.0.1 FP 6 IF 1
IBM Domino 9.0 IF 4


Not Vulnerable: XStream XStream 1.4.9


