dom4j prior to 2.0.3 and 2.1.x prior to 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
dom4j project dom4j |
||
oracle insurance policy administration j2ee 10.2.0 |
||
oracle insurance rules palette 10.2.0 |
||
oracle retail integration bus 15.0 |
||
oracle webcenter portal 12.2.1.3.0 |
||
oracle webcenter portal 11.1.1.9.0 |
||
oracle utilities framework 4.2.0.3.0 |
||
oracle utilities framework 4.2.0.2.0 |
||
oracle utilities framework 2.2.0.0.0 |
||
oracle flexcube core banking 11.7.0 |
||
oracle business process management suite 12.2.1.3.0 |
||
oracle endeca information discovery integrator 3.2.0 |
||
oracle application testing suite 13.3.0.1 |
||
oracle retail order broker 15.0 |
||
oracle retail order broker 16.0 |
||
oracle retail integration bus 16.0 |
||
oracle retail customer management and segmentation foundation 16.0 |
||
oracle retail customer management and segmentation foundation 17.0 |
||
oracle retail customer management and segmentation foundation 18.0 |
||
oracle enterprise data quality 12.2.1.3.0 |
||
oracle data integrator 12.2.1.3.0 |
||
oracle utilities framework 4.4.0.0.0 |
||
oracle agile plm 9.3.3 |
||
oracle agile plm 9.3.5 |
||
oracle communications unified inventory management 7.4.0 |
||
oracle fusion middleware 12.2.1.4.0 |
||
oracle financial services analytical applications infrastructure |
||
oracle webcenter portal 12.2.1.4.0 |
||
oracle primavera p6 enterprise project portfolio management |
||
oracle enterprise manager base platform 13.4.0.0 |
||
oracle rapid planning 12.1 |
||
oracle rapid planning 12.2 |
||
oracle utilities framework |
||
oracle utilities framework 4.4.0.2.0 |
||
oracle retail customer management and segmentation foundation 19.0 |
||
oracle communications diameter signaling router |
||
oracle jdeveloper 12.2.1.4.0 |
||
oracle communications unified inventory management 7.3.0 |
||
oracle communications application session controller 3.9m0p1 |
||
oracle data integrator 12.2.1.4.0 |
||
oracle enterprise data quality 11.1.1.9.0 |
||
oracle health sciences information manager 3.0.1 |
||
oracle banking platform |
||
oracle retail order broker 18.0 |
||
oracle business process management suite 12.2.1.4.0 |
||
oracle insurance rules palette 10.2.4 |
||
oracle insurance rules palette 11.0.2 |
||
oracle insurance policy administration j2ee 10.2.4 |
||
oracle insurance policy administration j2ee 11.0.2 |
||
oracle retail xstore point of service 16.0.6 |
||
oracle retail xstore point of service 17.0.4 |
||
oracle retail xstore point of service 18.0.3 |
||
oracle health sciences empirica signal 9.0 |
||
oracle insurance rules palette |
||
oracle retail xstore point of service 15.0.4 |
||
oracle storagetek tape analytics sw tool 2.3 |
||
oracle retail price management 14.0.3 |
||
oracle retail price management 14.1.3.0 |
||
oracle retail price management 15.0.3.0 |
||
oracle retail price management 16.0.3.0 |
||
oracle retail order broker 19.0 |
||
oracle retail order broker 19.1 |
||
oracle documaker |
||
oracle flexcube core banking 11.8.0 |
||
oracle flexcube core banking 11.10.0 |
||
oracle flexcube core banking 11.9.0 |
||
oracle insurance policy administration j2ee |
||
opensuse leap 15.1 |
||
netapp snap creator framework - |
||
netapp snapcenter - |
||
netapp snapmanager - |
||
netapp oncommand workflow automation - |
||
netapp oncommand api services - |
||
canonical ubuntu linux 16.04 |
Vulmon