CVE-2017-7465
Last modified
CVE-2017-7465 is a vulnerability of currently unknown severity. It was found that the JAXP implementation used in JBoss EAP 7.0 for XSLT processing is vulnerable to code injection. An attacker could use this flaw to cause remote code execution if they are able to provide XSLT content for parsing. EPSS estimates a 2.98% chance of exploitation in the next 30 days.
Description
It was found that the JAXP implementation used in JBoss EAP 7.0 for XSLT processing is vulnerable to code injection. An attacker could use this flaw to cause remote code execution if they are able to provide XSLT content for parsing. Doing a transform in JAXP requires the use of a 'javax.xml.transform.TransformerFactory'. If the FEATURE_SECURE_PROCESSING feature is set to 'true', it mitigates this vulnerability.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Jboss Enterprise Application Platform | 7.0.0 |
References
- http://www.securityfocus.com/bid/97605Third Party Advisory, VDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7465Issue Tracking, Mitigation, Third Party Advisory
- http://www.securityfocus.com/bid/97605Third Party Advisory, VDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7465Issue Tracking, Mitigation, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-7465?
How severe is CVE-2017-7465?
How do I fix CVE-2017-7465?
Are you affected by CVE-2017-7465?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST