RedHat JBoss BPM Suite XML External Entity Injection Vulnerability (CVE-2015-1818)

2016年5月31日

Email
Facebook
Twitter
Google+
Linkedin

危険度: : 緊急

概要

XML external entity (XXE) vulnerability in the dashbuilder import facility (DocumentBuilders in org.jboss.dashboard.export.ImportManagerImpl) in Red Hat JBoss BPM Suite before 6.1.2 allows remote attackers to read arbitrary files, conduct server-side request forgery (SSRF) attacks, and have other unspecified impact via a crafted XML document.

トレンドマイクロの対策

Apply associated Trend Micro DPI Rules.

対応方法

Trend Micro Deep Security DPI Rule Number: 1005839