{"containers": {"cna": {"affected": [{"product": "Eclipse", "vendor": "Check Point Software Technologies Ltd.", "versions": [{"status": "affected", "version": "All version lower or equal to 2017.2.5"}]}], "datePublic": "2017-12-04T00:00:00", "descriptions": [{"lang": "en", "value": "Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier was found vulnerable to an XML External Entity attack. An attacker can exploit the vulnerability by implementing malicious code on Androidmanifest.xml."}], "problemTypes": [{"descriptions": [{"description": "Local Privilege Escalation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-04-20T18:57:01", "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "shortName": "checkpoint"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=519169"}, {"tags": ["x_refsource_MISC"], "url": "https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@checkpoint.com", "DATE_PUBLIC": "2017-12-04T00:00:00", "ID": "CVE-2017-8315", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Eclipse", "version": {"version_data": [{"version_value": "All version lower or equal to 2017.2.5"}]}}]}, "vendor_name": "Check Point Software Technologies Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier was found vulnerable to an XML External Entity attack. An attacker can exploit the vulnerability by implementing malicious code on Androidmanifest.xml."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Local Privilege Escalation"}]}]}, "references": {"reference_data": [{"name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=519169", "refsource": "CONFIRM", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=519169"}, {"name": "https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/", "refsource": "MISC", "url": "https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T16:34:22.951Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=519169"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/"}]}]}, "cveMetadata": {"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "assignerShortName": "checkpoint", "cveId": "CVE-2017-8315", "datePublished": "2018-04-20T19:00:00Z", "dateReserved": "2017-04-28T00:00:00", "dateUpdated": "2024-09-17T02:37:41.460Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:ide:2017.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "EB13CB7E-DE2D-41BC-944E-52AABD13A953", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier was found vulnerable to an XML External Entity attack. An attacker can exploit the vulnerability by implementing malicious code on Androidmanifest.xml."}, {"lang": "es", "value": "El analizador Eclipse XML para Eclipse IDE, en versiones 2017.2.5 y anteriores, es vulnerable a un ataque de XML External Entity. Un atacante puede explotar la vulnerabilidad implementando c\u00f3digo malicioso en Androidmanifest.xml."}], "id": "CVE-2017-8315", "lastModified": "2018-05-22T15:33:42.163", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 7.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-04-20T19:29:00.503", "references": [{"source": "cve@checkpoint.com", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=519169"}, {"source": "cve@checkpoint.com", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/"}], "sourceIdentifier": "cve@checkpoint.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-611"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "eclipse-andmore: XML External Entity attack in AndroidManifest.xml parsing", "id": "1572380", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572380"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.6", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-611", "details": ["Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier was found vulnerable to an XML External Entity attack. An attacker can exploit the vulnerability by implementing malicious code on Androidmanifest.xml."], "name": "CVE-2017-8315", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "eclipse", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "eclipse", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "eclipse", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Not affected", "package_name": "rh-eclipse46-eclipse", "product_name": "Red Hat Software Collections"}], "public_date": "2017-12-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-8315\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-8315"], "threat_severity": "Moderate"}