Published: 10/06/2016 Updated: 10/10/2019

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 670

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows malicious users to have unspecified impact via unknown vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
fedoraproject fedora 24
fasterxml jackson-dataformat-xml

Debian Bug report logs - #823703 CVE-2016-3720 Package: src:jackson-dataformat-xml; Maintainer for src:jackson-dataformat-xml is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Sat, 7 May 2016 21:27:02 UTC Severity: grave Tags: security ...

Synopsis Important: EAP Continuous Delivery Technical Preview Release 20 security update Type/Severity Security Advisory: Important Topic This is a security update for JBoss EAP Continuous Delivery 20Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabi ...

Synopsis Important: Red Hat JBoss Enterprise Application Platform 728 on RHEL 7 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 72 for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as ...

Synopsis Important: Red Hat Data Grid 737 security update Type/Severity Security Advisory: Important Topic An update for Red Hat Data Grid is now availableRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, whic ...

Synopsis Important: Red Hat JBoss Enterprise Application Platform 731 Security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 73Red Hat Product Security has rated this update as having a security impact of Important A ...

Synopsis Important: Red Hat JBoss Enterprise Application Platform 731 Security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 73 for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a ...

Synopsis Important: Red Hat JBoss Enterprise Application Platform 731 Security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 73 for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a ...

Synopsis Important: Red Hat JBoss Enterprise Application Platform 731 Security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 73 for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a ...

Synopsis Important: Red Hat JBoss Enterprise Application Platform 728 on RHEL 6 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 72 for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as ...

Synopsis Important: Red Hat JBoss Enterprise Application Platform 728 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 72Red Hat Product Security has rated this update as having a security impact of Important A ...

Synopsis Important: Red Hat JBoss Enterprise Application Platform 728 on RHEL 8 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 72 for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as ...

Synopsis Important: Red Hat Single Sign-On 738 security update Type/Severity Security Advisory: Important Topic A security update is now available for Red Hat Single Sign-On 73 from the Customer PortalRed Hat Product Security has rated this update as having a security impact of Important A Common Vulne ...

Synopsis Important: Red Hat Fuse 770 release and security update Type/Severity Security Advisory: Important Topic A minor version update (from 76 to 77) is now available for Red Hat Fuse The purpose of this text-only errata is to inform you about the security issues fixed in this releaseRed Hat Produc ...

XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors ...

Secapp

Secapp Secapp docsmicrosoftcom/en-us/visualstudio/code-quality/ca2102?view=vs-2019 ourcodeworldcom/articles/read/1007/what-is-the-billion-laughs-xml-dos-attack-on-the-net-framework-c-sharp-xml-parser subscriptionpacktpubcom/book/networking_and_servers/9781785284588/5 wwwgeekboyninja/blog/tag/flash-csrf/ blogappseccocom/ Informati

National Vulnerability Database dependency checker for Clojure projects

nvd-clojure Formerly known as lein-nvd National Vulnerability Database dependency checker tool For a given project, all the jar files from its classpath will be checked for known security vulnerabilities nvd-clojure passes them to a library called DependencyCheck which does the vulnerability analysis Quoting the README from that library: DependencyCheck is a utility th

National Vulnerability Database dependency checker for Clojure projects

Secapp

NVD-CWE-noinfo http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184561.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823703 https://nvd.nist.gov https://github.com/riyasrapposol/Secapp

Get Started

CVE-2016-3720

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect