CVE-2016-4312

Published: 17/02/2017 Updated: 09/10/2018
CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8
CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6
VMScore: 605
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Summary

XML external entity (XXE) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to read arbitrary files, cause a denial of service, conduct server-side request forgery (SSRF) attacks, or have unspecified other impact via a crafted XACML request to entitlement/eval-policy-submit.jsp. NOTE: this issue can be combined with CVE-2016-4311 to exploit the vulnerability without credentials.

Vulnerable Product

wso2 identity server 5.1.0

Exploits

[+] Credits: John Page aka HYP3RLINX
[+] Website: hyp3rlinx.altervista.org
[+] Source: hyp3rlinx.altervista.org/advisories/WSO2-IDENTITY-SERVER-v5.1.0-XML-External-Entity.txt
[+] ISR: ApparitionSec

Vendor:
=============
www.wso2.com

Product:
============================
Wso2 Identity Server v5.1.0

As the industry’s first enterprise ...

WSO2 Identity Server version 5.1.0 suffers from cross-site request forgery and XML external-entity injection vulnerabilities ...