Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream prior to 1.4.9 allow remote malicious users to read arbitrary files via a crafted XML document.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
debian debian linux 8.0 |
||
fedoraproject fedora 22 |
||
fedoraproject fedora 23 |
||
xstream project xstream |