CVE-2018-1000644

CRITICAL Year: 2018
CVSS v3 Score
10.0
Critical
CVSS v2 Score
7.5
High
Weakness Type
CWE-611
View all →

Vulnerability Description

Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External Entity (XXE) vulnerability in RDF4j XML parser parsing RDF files that can result in the disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted RDF file.

Related Vulnerabilities

CVE-2015-9280

CRITICAL
CVSS:10.0(Critical)

MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter.

CWE-6112015

CVE-2017-7664

CRITICAL
CVSS:10.0(Critical)

Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0.

CWE-6112017

CVE-2017-8110

CRITICAL
CVSS:10.0(Critical)

www.modified-shop.org modified eCommerce Shopsoftware 2.0.2.2 rev 10690 has XXE in api/it-recht-kanzlei/api-it-recht-kanzlei.php.

CWE-6112017

CVE-2018-1000124

CRITICAL
CVSS:10.0(Critical)

I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.php(simplexml_load_string) that can result in an attacker reading the c...

CWE-6112018

CVE-2018-1000651

CRITICAL
CVSS:10.0(Critical)

Stroom version <5.4.5 contains a XML External Entity (XXE) vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning...

CWE-6112018

CVE-2018-1000652

CRITICAL
CVSS:10.0(Critical)

JabRef version <=4.3.1 contains a XML External Entity (XXE) vulnerability in MsBibImporter XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery...

CWE-6112018