CVE-2017-7465 - OpenCVE

It was found that the JAXP implementation used in JBoss EAP 7.0 for XSLT processing is vulnerable to code injection. An attacker could use this flaw to cause remote code execution if they are able to provide XSLT content for parsing. Doing a transform in JAXP requires the use of a 'javax.xml.transform.TransformerFactory'. If the FEATURE_SECURE_PROCESSING feature is set to 'true', it mitigates this vulnerability.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Jboss Enterprise Application Platform Jboss Enterprise Application Platform Cd

Configuration 1 [-]

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
EAP-CD 14 Tech Preview
XML Frameworks	cpe:/a:redhat:jboss_enterprise_application_platform_cd:14	RHSA-2020:2563	2020-06-15T00:00:00Z

References

Link	Providers
http://www.securityfocus.com/bid/97605
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7465
https://nvd.nist.gov/vuln/detail/CVE-2017-7465
https://www.cve.org/CVERecord?id=CVE-2017-7465

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2018-06-27T16:00:00

Updated: 2024-08-05T16:04:11.524Z

Reserved: 2017-04-05T00:00:00

Link: CVE-2017-7465

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-06-27T16:29:00.207

Modified: 2023-02-12T23:30:00.530

Link: CVE-2017-7465

Redhat

Severity : Important

Publid Date: 2017-04-11T00:00:00Z

Links: CVE-2017-7465 - Bugzilla

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "72A54BDA-311C-413B-8E4D-388AD65A170A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "It was found that the JAXP implementation used in JBoss EAP 7.0 for XSLT processing is vulnerable to code injection. An attacker could use this flaw to cause remote code execution if they are able to provide XSLT content for parsing. Doing a transform in JAXP requires the use of a 'javax.xml.transform.TransformerFactory'. If the FEATURE_SECURE_PROCESSING feature is set to 'true', it mitigates this vulnerability."}, {"lang": "es", "value": "Se ha descubierto que la implementaci\u00f3n JAXP empleada en JBoss EAP 7.0 para el procesamiento XSLT es vulnerable a una inyecci\u00f3n de c\u00f3digo. Un atacante podr\u00eda emplear este error para provocar la ejecuci\u00f3n remota de c\u00f3digo si puede proporcionar contenido XSLT para que sea analizado. La realizaci\u00f3n de una transformaci\u00f3n en JAXP requiere el uso de \"javax.xml.transform.TransformerFactory\". Si la caracter\u00edstica FEATURE_SECURE_PROCESSING est\u00e1 marcada como \"true\", mitiga esta vulnerabilidad."}], "id": "CVE-2017-7465", "lastModified": "2023-02-12T23:30:00.530", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 6.0, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2018-06-27T16:29:00.207", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/97605"}, {"source": "secalert@redhat.com", "tags": ["Mitigation", "Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7465"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-611"}], "source": "secalert@redhat.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"acknowledgement": "This issue was discovered by Jason Shepherd (Red Hat).", "affected_release": [{"advisory": "RHSA-2020:2563", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_cd:14", "package": "XML Frameworks", "product_name": "EAP-CD 14 Tech Preview", "release_date": "2020-06-15T00:00:00Z"}], "bugzilla": {"description": "JBoss: JAXP in EAP 7.0 allows RCE via XSL", "id": "1439980", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1439980"}, "csaw": false, "cvss": {"cvss_base_score": "5.1", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "status": "verified"}, "cvss3": {"cvss3_base_score": "9.0", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-611", "details": ["It was found that the JAXP implementation used in JBoss EAP 7.0 for XSLT processing is vulnerable to code injection. An attacker could use this flaw to cause remote code execution if they are able to provide XSLT content for parsing. Doing a transform in JAXP requires the use of a 'javax.xml.transform.TransformerFactory'. If the FEATURE_SECURE_PROCESSING feature is set to 'true', it mitigates this vulnerability.", "It was found that the JAXP implementation used in EAP 7.0 for XSLT processing is vulnerable to code injection. An attacker could use this flaw to cause remote code execution if they are able to provide XSLT content for parsing."], "mitigation": {"lang": "en:us", "value": "Doing a transform in JAXP requires the use of a 'javax.xml.transform.TransformerFactory'. If the FEATURE_SECURE_PROCESSING feature is set to 'true', it mitigates this vulnerability. Eg:\nTransformerFactory factory = TransformerFactory.newInstance();\nfactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);"}, "name": "CVE-2017-7465", "package_state": [{"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Affected", "package_name": "XML Frameworks", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3", "fix_state": "Not affected", "package_name": "tomcat", "product_name": "Red Hat JBoss Enterprise Web Server 3"}, {"cpe": "cpe:/a:redhat:mobile_application_platform:4", "fix_state": "Not affected", "package_name": "security", "product_name": "Red Hat Mobile Application Platform 4"}], "public_date": "2017-04-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-7465\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7465"], "threat_severity": "Important"}