
CVE-2017-7465

Published: 27/06/2018 Updated: 12/02/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

It was found that the JAXP implementation used in JBoss EAP 7.0 for XSLT processing is vulnerable to code injection. An attacker could use this flaw to cause remote code execution if they are able to provide XSLT content for parsing. Doing a transform in JAXP requires the use of a 'javax.xml.transform.TransformerFactory'. If the FEATURE_SECURE_PROCESSING feature is set to 'true', it mitigates this vulnerability.
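One way to apply the mitigation named above when transforming with a stylesheet you do not control. This is an added example, not code from the advisory or from Red Hat. The class and method names (`SecureXslt`, `hardenedFactory`, `transform`) are hypothetical, the two external-access attributes are extra hardening the advisory does not mention, and the stylesheet and document are constructed sample input.

```java
import javax.xml.XMLConstants;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;
import java.io.StringReader;
import java.io.StringWriter;

public class SecureXslt {

    // Build a factory that fails closed if secure processing cannot be enabled.
    static TransformerFactory hardenedFactory() throws TransformerException {
        TransformerFactory tf = TransformerFactory.newInstance();
        // The mitigation named in the summary; throws if the implementation rejects it.
        tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        if (!tf.getFeature(XMLConstants.FEATURE_SECURE_PROCESSING)) {
            throw new TransformerException("secure processing is not active on " + tf.getClass());
        }
        // Assumption: extra hardening beyond the advisory (JAXP 1.5 properties).
        // Some implementations do not recognise these and throw IllegalArgumentException.
        for (String attr : new String[] {XMLConstants.ACCESS_EXTERNAL_DTD,
                                         XMLConstants.ACCESS_EXTERNAL_STYLESHEET}) {
            try {
                tf.setAttribute(attr, "");
            } catch (IllegalArgumentException e) {
                System.err.println("not supported by this implementation: " + attr);
            }
        }
        return tf;
    }

    // Compile and run a stylesheet using only the hardened factory.
    static String transform(String xslt, String xml) throws TransformerException {
        Transformer t = hardenedFactory().newTransformer(new StreamSource(new StringReader(xslt)));
        StringWriter out = new StringWriter();
        t.transform(new StreamSource(new StringReader(xml)), new StreamResult(out));
        return out.toString();
    }

    public static void main(String[] args) throws TransformerException {
        // Constructed sample stylesheet and document.
        String xslt = "<xsl:stylesheet version='1.0' xmlns:xsl='http://www.w3.org/1999/XSL/Transform'>"
                + "<xsl:output method='text'/>"
                + "<xsl:template match='/'><xsl:value-of select='/order/@id'/></xsl:template>"
                + "</xsl:stylesheet>";
        System.out.println(transform(xslt, "<order id='42'/>"));
    }
}
```

Checking `getFeature` after `setFeature` confirms that whichever `TransformerFactory` implementation the application server resolves at runtime actually honours the flag.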

Vulnerable Product

redhat jboss enterprise application platform 7.0.0

Vendor Advisories

Synopsis: Important: EAP Continuous Delivery Technical Preview Release 14 security update. Type/Severity: Security Advisory: Important. Topic: This is a security update for JBoss EAP Continuous Delivery 14.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnera ...
It was found that the JAXP implementation used in EAP 7.0 for XSLT processing is vulnerable to code injection. An attacker could use this flaw to cause remote code execution if they are able to provide XSLT content for parsing ...