7.5
CVSSv2

CVE-2016-3720

Published: 10/06/2016 Updated: 10/10/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 670
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows malicious users to have unspecified impact via unknown vectors.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

fedoraproject fedora 24

fasterxml jackson-dataformat-xml

Vendor Advisories

Debian Bug report logs - #823703 CVE-2016-3720 Package: src:jackson-dataformat-xml; Maintainer for src:jackson-dataformat-xml is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Sat, 7 May 2016 21:27:02 UTC Severity: grave Tags: security ...
XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors ...
Synopsis Important: Red Hat Single Sign-On 738 security update Type/Severity Security Advisory: Important Topic A security update is now available for Red Hat Single Sign-On 73 from the Customer PortalRed Hat Product Security has rated this update as having a security impact of Important A Common Vulne ...
Synopsis Important: Red Hat JBoss Enterprise Application Platform 731 Security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 73Red Hat Product Security has rated this update as having a security impact of Important A ...
Synopsis Important: Red Hat JBoss Enterprise Application Platform 728 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 72Red Hat Product Security has rated this update as having a security impact of Important A ...
Synopsis Important: Red Hat JBoss Enterprise Application Platform 728 on RHEL 7 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 72 for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as ...
Synopsis Important: Red Hat JBoss Enterprise Application Platform 728 on RHEL 8 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 72 for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as ...
Synopsis Important: Red Hat JBoss Enterprise Application Platform 728 on RHEL 6 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 72 for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as ...
Synopsis Important: Red Hat JBoss Enterprise Application Platform 731 Security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 73 for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a ...
Synopsis Important: EAP Continuous Delivery Technical Preview Release 20 security update Type/Severity Security Advisory: Important Topic This is a security update for JBoss EAP Continuous Delivery 20Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabi ...
Synopsis Important: Red Hat JBoss Enterprise Application Platform 731 Security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 73 for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a ...
Synopsis Important: Red Hat JBoss Enterprise Application Platform 731 Security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 73 for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a ...
Synopsis Important: Red Hat Data Grid 737 security update Type/Severity Security Advisory: Important Topic An update for Red Hat Data Grid is now availableRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, whic ...
Synopsis Important: Red Hat Fuse 770 release and security update Type/Severity Security Advisory: Important Topic A minor version update (from 76 to 77) is now available for Red Hat Fuse The purpose of this text-only errata is to inform you about the security issues fixed in this releaseRed Hat Produc ...

Github Repositories

Secapp

Secapp Secapp docsmicrosoftcom/en-us/visualstudio/code-quality/ca2102?view=vs-2019 ourcodeworldcom/articles/read/1007/what-is-the-billion-laughs-xml-dos-attack-on-the-net-framework-c-sharp-xml-parser subscriptionpacktpubcom/book/networking_and_servers/9781785284588/5 wwwgeekboyninja/blog/tag/flash-csrf/ blogappseccocom/ Informati

National Vulnerability Database dependency-checker plugin for Leiningen

lein-nvd National Vulnerability Database dependency-checker plugin for Leiningen When run in your project, all the JARs on the classpath will be checked for known security vulnerabilities lein-nvd extracts project dependencies and passes them to a library called Dependency-Check which does the vulnerability analysis Quoting the README for that library: Dependency-Chec

Burp Suite extension for JAX-RS

Unsafe JAX-RS extension for Burp Suite Unsafe JAX-RS is an active scanner extension for Burp Suite to check JAX-RS application for common security flaws Currently following checks are implemented: Entity provider selection scan WADL scan CSRF scan JSONP scan Async jobs scan DoS via GZIP bombing scan Content negotiation scan Exception mapping scan Extension can identify follo

Java Security Documents

Java-Security Java Security Documents ##author:genxor Auditing and Bypassing Security Manager policiesdocx Java Deserialization Vulnerabilities - The Forgotten Bug Class (RuhrSec Edition)pdf Object Deserialisation Filters Backported from Java 9docx st2 webconsolehtml页面ognl调试docx Struts2最近几个漏洞分析&稳定利用Payloaddocx struts2漏洞S2-021

PoC in GitHub 2021 CVE-2021-1056 (2021-01-07) NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidiako) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure pokerfaceSad/CVE-2021-1056 CVE-2021-

PoC in GitHub 2020 CVE-2020-0014 (2020-02-13) It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable This could lead to a local escalation of privilege with no additional execution privileges needed User action is needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Android-10Android