CVE-2016-3674 in Utilities Frameworkinfo

Summary

Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

03/28/2016

Disclosure

05/17/2016

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
100139	Oracle Utilities Framework UI/Batch/XAI information disclosure	200	Not defined	Official fix	CVE-2016-3674
90192	IBM Lotus Notes information disclosure	200	Not defined	Official fix	CVE-2016-3674
87414	XStream Dom4JDriver information disclosure	200	Not defined	Official fix	CVE-2016-3674

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

MITRE
NVD
CVE Details

◂ PreviousOverviewNext ▸