Vulnerability Details: CVE-2017-12621
During Jelly (XML) file parsing with Apache Xerces, if a custom DOCTYPE declares an entity with a SYSTEM identifier that is a URL and that entity is referenced in the body of the Jelly file, the parser will attempt to connect to that URL during parser instantiation. This can lead to XML External Entity (XXE) attacks in Apache Commons Jelly before 1.0.1.
Vulnerability category: XML external entity (XXE) injection
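The defensive counterpart to the description above, as an added example that is not code from this page or from the Apache Commons Jelly project: a plain JAXP/Xerces SAX parser configured so that a document declaring a SYSTEM entity is either rejected outright or parsed without any network or filesystem access. The feature URIs are the standard Xerces/SAX ones; the sample document is constructed for the example and points at the reserved `.invalid` domain; the toggle that Jelly 1.0.1 itself introduced (JELLY-293) is not reproduced here.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;
import org.xml.sax.XMLReader;
import org.xml.sax.helpers.DefaultHandler;

public class ExternalEntityHardening {

    // Constructed sample document (not from the Jelly project): it declares a
    // SYSTEM entity with a URL and references it in the body, which is the input
    // shape described for CVE-2017-12621. The host is reserved for documentation
    // and resolves nowhere.
    static final String SAMPLE =
          "<?xml version=\"1.0\"?>\n"
        + "<!DOCTYPE j:jelly [ <!ENTITY ext SYSTEM \"http://example.invalid/resource\"> ]>\n"
        + "<j:jelly xmlns:j=\"jelly:core\">&ext;</j:jelly>\n";

    /** Factory whose parsers reject any DOCTYPE and never fetch external entities or DTDs. */
    static SAXParserFactory hardenedFactory() throws Exception {
        SAXParserFactory f = SAXParserFactory.newInstance();
        // Strongest setting: refuse the DOCTYPE, so no entity can be declared at all.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth in case the DOCTYPE restriction is relaxed later.
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        return f;
    }

    /** Fallback when a DOCTYPE must be tolerated: every external entity resolves to empty input. */
    static XMLReader readerWithNoOpResolver() throws Exception {
        SAXParserFactory f = SAXParserFactory.newInstance();
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        XMLReader reader = f.newSAXParser().getXMLReader();
        // EntityResolver has a single abstract method, so a lambda is accepted.
        reader.setEntityResolver((publicId, systemId) -> {
            // Never open the network or filesystem; hand back an empty entity instead.
            return new InputSource(new StringReader(""));
        });
        return reader;
    }

    public static void main(String[] args) throws Exception {
        SAXParser parser = hardenedFactory().newSAXParser();
        try {
            parser.parse(new InputSource(new StringReader(SAMPLE)), new DefaultHandler());
            System.out.println("hardened parser accepted the document (unexpected)");
        } catch (SAXParseException e) {
            // Expected path: the DOCTYPE is refused before any entity is resolved.
            System.out.println("hardened parser rejected the DOCTYPE: " + e.getMessage());
        }

        XMLReader reader = readerWithNoOpResolver();
        reader.setContentHandler(new DefaultHandler());
        reader.parse(new InputSource(new StringReader(SAMPLE)));
        System.out.println("resolver-based parser finished without any external fetch");
    }
}
```

The first configuration is the one to prefer for Jelly scripts and similar templates, which have no legitimate need for a DOCTYPE; the resolver-based variant is only for feeds where a DOCTYPE must be accepted, and it still disables parameter entities and DTD loading so that the resolver is the only remaining path to an external resource.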
Products affected by CVE-2017-12621
- cpe:2.3:a:apache:commons_jelly:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-12621
- EPSS score: 0.58% (probability of exploitation activity in the next 30 days)
- Percentile: ~76% (the proportion of vulnerabilities scored at or below this value)
CVSS scores for CVE-2017-12621
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2017-12621
- The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. (Assigned by: nvd@nist.gov, Primary)
References for CVE-2017-12621
- http://www.securityfocus.com/bid/101052 : "Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability" (Third Party Advisory; VDB Entry)
- https://issues.apache.org/jira/browse/JELLY-293 : "[JELLY-293] Accommodate toggling off DTD external entities. - ASF JIRA" (Issue Tracking; Vendor Advisory; Patch)
- http://www.securitytracker.com/id/1039444 : "Apache Commons Jelly Custom Doctype Entity Parsing May Let Remote Users Conduct XML External Entity Attacks - SecurityTracker" (Third Party Advisory; VDB Entry)
- https://lists.apache.org/thread.html/f1fc3f2c45264af44ce782d54b5908ac95f02bf7ad88bb57bfb04b73@%3Cdev.commons.apache.org%3E : "[SECURITY] CVE-2017-12621 Apache Commons Jelly connects to URL with custom doctype definitions. - Pony Mail" (Issue Tracking; Patch; Vendor Advisory)