CVE-2017-9096

ADVISORY - github

Summary

The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.

EPSS Score⁠: 0.09902 (0.950)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-611⁠

Improper Restriction of XML External Entity Reference

ADVISORY - github

CWE-611⁠

Improper Restriction of XML External Entity Reference

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-611⁠

Improper Restriction of XML External Entity Reference

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-611⁠

Improper Restriction of XML External Entity Reference

Impacted images

Advisories

NIST

CREATED

9 years ago

UPDATED

9 days ago

ADVISORY IDCVE-2017-9096⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-611⁠

CVSS SCORE

8.8high

GitHub

CREATED

4 years ago

UPDATED

2 years ago

ADVISORY IDGHSA-86p9-x5pw-94qx⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-611⁠

CVSS SCORE

8.8high

GitLab

CREATED

4 years ago

UPDATED

4 years ago

ADVISORY ID

CVE-2017-9096

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1035⁠CWE-611⁠CWE-937⁠

CVSS SCORE

8.8high

Red Hat

CREATED

9 years ago

UPDATED

1 year ago

ADVISORY IDCVE-2017-9096⁠

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-611⁠

CVSS SCORE

6.5medium

intheWild

CREATED

2 years ago

UPDATED

1 year ago

ADVISORY IDCVE-2017-9096⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY