Vulnerability Details : CVE-2018-1000632
dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.
Products affected by CVE-2018-1000632
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:satellite:6.6:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:satellite_capsule:6.6:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*
- Oracle » Primavera P6 Enterprise Project Portfolio ManagementVersions from including (>=) 19.12.0.0 and up to, including, (<=) 19.12.6.0cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*
- Oracle » Primavera P6 Enterprise Project Portfolio ManagementVersions from including (>=) 16.1.0.0 and up to, including, (<=) 16.2.20.1cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*
- Oracle » Primavera P6 Enterprise Project Portfolio ManagementVersions from including (>=) 17.1.0.0 and up to, including, (<=) 17.12.17.1cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*
- Oracle » Primavera P6 Enterprise Project Portfolio ManagementVersions from including (>=) 18.1.0.0 and up to, including, (<=) 18.8.19.0cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:flexcube_investor_servicing:14.0.0:*:*:*:*:*:*:*
- Oracle » Utilities FrameworkVersions from including (>=) 4.3.0.2.0 and up to, including, (<=) 4.3.0.6.0cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:utilities_framework:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:utilities_framework:4.4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*
- cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*
- cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
- cpe:2.3:a:dom4j_project:dom4j:*:*:*:*:*:*:*:*
- cpe:2.3:a:dom4j_project:dom4j:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-1000632
0.33%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 68 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-1000632
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2018-1000632
-
The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-1000632
-
https://lists.apache.org/thread.html/7f6e120e6ed473f4e00dde4c398fc6698eb383bd7857d20513e989ce@%3Cdev.maven.apache.org%3E
proposal for maven-archetype to switch to dom4j 2.1.1 (and Java 8) - Pony MailMailing List;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:1160
RHSA-2019:1160 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://lists.apache.org/thread.html/4a77652531d62299a30815cf5f233af183425db8e3c9a824a814e768@%3Cdev.maven.apache.org%3E
Re: proposal for maven-archetype to switch to dom4j 2.1.1 (and Java 8) - Pony MailMailing List;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:1162
RHSA-2019:1162 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://www.oracle.com/security-alerts/cpuapr2020.html
Oracle Critical Patch Update Advisory - April 2020Third Party Advisory
-
https://www.oracle.com/security-alerts/cpujul2020.html
Oracle Critical Patch Update Advisory - July 2020Third Party Advisory
-
https://ihacktoprotect.com/post/dom4j-xml-injection/
XML Injection in dom4j library · I hack to protectExploit;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:0365
RHSA-2019:0365 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387
#48 Validate QName inputs - throw IllegalArgumentException when quali… · dom4j/dom4j@e598eb4 · GitHubPatch;Third Party Advisory
-
https://lists.apache.org/thread.html/7e9e78f0e4288fac6591992836d2a80d4df19161e54bd71ab4b8e458@%3Cdev.maven.apache.org%3E
Pony Mail!Mailing List;Third Party Advisory
-
https://github.com/dom4j/dom4j/issues/48
Validate QName inputs · Issue #48 · dom4j/dom4j · GitHubThird Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOOVVCRQE6ATFD2JM2EMDXOQXTRIVZGP/
[SECURITY] Fedora 34 Update: dom4j-2.0.3-1.fc34 - package-announce - Fedora Mailing-Lists
-
https://www.oracle.com/security-alerts/cpuApr2021.html
Oracle Critical Patch Update Advisory - April 2021
-
https://lists.apache.org/thread.html/5a020ecaa3c701f408f612f7ba2ee37a021644c4a39da2079ed3ddbc@%3Ccommits.maven.apache.org%3E
Pony Mail!Mailing List;Patch;Third Party Advisory
-
https://lists.apache.org/thread.html/9d4c1af6f702c3d6d6f229de57112ddccac8ce44446a01b7937ab9e0@%3Ccommits.maven.apache.org%3E
[maven-archetype] branch master updated: ARCHETYPE-567: switch to dom4j 2.1.1 (and Java 8) dom4j 2.1.1 requires Java 8 dom4j 2.0.2 would retain Java 7 but is vulnerable to CVE-2018-1000632 dom4j 2.0.3Mailing List;Patch;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2018/09/msg00028.html
[SECURITY] [DLA 1517-1] dom4j security updateMailing List;Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20190530-0001/
CVE-2018-1000632 Dom4j Vulnerability in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Oracle Critical Patch Update - January 2019Patch;Third Party Advisory
-
https://lists.apache.org/thread.html/00571f362a7a2470fba50a31282c65637c40d2e21ebe6ee535a4ed74@%3Ccommits.maven.apache.org%3E
[maven-archetype] 01/01: ARCHETYPE-567: switch to dom4j 2.1.1 (and Java 8) dom4j 2.1.1 requires Java 8 dom4j 2.0.2 would retain Java 7 but is vulnerable to CVE-2018-1000632 dom4j 2.0.3 fixes CVE-2018-Mailing List;Patch;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:1161
RHSA-2019:1161 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:0362
RHSA-2019:0362 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://lists.apache.org/thread.html/d7d960b2778e35ec9b4d40c8efd468c7ce7163bcf6489b633491c89f@%3Cdev.maven.apache.org%3E
Pony Mail!Mailing List;Third Party Advisory
-
https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report - Pony MailThird Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJULAHVR3I5SX7OSMXAG75IMNSAYOXGA/
[SECURITY] Fedora 33 Update: dom4j-2.0.3-1.fc33 - package-announce - Fedora Mailing-Lists
-
https://access.redhat.com/errata/RHSA-2019:0380
RHSA-2019:0380 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:0364
RHSA-2019:0364 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:3172
RHSA-2019:3172 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:1159
RHSA-2019:1159 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51@%3Cnotifications.freemarker.apache.org%3E
[jira] [Created] (FREEMARKER-190) The jar dom4j has known security issue that Freemarker compiles dependend on it - Pony Mail
Jump to