In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an attacker to read sensitive data on the filesystem, perform same-site-request-forgery (SSRF), port-scanning behind the firewall or DoS the application.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/99873 | Third Party Advisory VDB Entry |
https://lists.apache.org/thread.html/b72c3a511592ec70729b3ec2d29302b6ce87bbeab62d4745617a6bd0%40%3Cdev.sling.apache.org%3E |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2017-07-18T00:00:00
Updated: 2017-07-20T09:57:01
Reserved: 2016-08-12T00:00:00
Link: CVE-2016-6798
JSON object: View
NVD Information
Status : Modified
Published: 2017-07-19T15:29:00.213
Modified: 2023-11-07T02:34:07.380
Link: CVE-2016-6798
JSON object: View
Redhat Information
No data.
CWE