CVE-2015-1832

CVSS v3.0 9.1 (Critical)

CVSS v2.0 6.4 (Medium)

EPSS 0.76 % (81^th)

Affected Products 1

Advisories 1

XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving XmlVTI and the XML datatype.

Weaknesses

CWE-399: Resource Management Errors
CWE-611: Improper Restriction of XML External Entity Reference

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2016-10-03 21:59:02
(8 years ago)
Updated Date: 2023-11-07 02:24:57
(10 months ago)

Affected Products

Apache

Derby

Configuration #1

		CPE23	From	Up To
	Apache Derby 10.1.1.0	cpe:2.3:a:apache:derby:10.1.1.0
	Apache Derby 10.1.2.1	cpe:2.3:a:apache:derby:10.1.2.1
	Apache Derby 10.1.3.1	cpe:2.3:a:apache:derby:10.1.3.1
	Apache Derby 10.2.1.6	cpe:2.3:a:apache:derby:10.2.1.6
	Apache Derby 10.2.2.0	cpe:2.3:a:apache:derby:10.2.2.0
	Apache Derby 10.3.3.0	cpe:2.3:a:apache:derby:10.3.3.0
	Apache Derby 10.4.1.3	cpe:2.3:a:apache:derby:10.4.1.3
	Apache Derby 10.4.2.0	cpe:2.3:a:apache:derby:10.4.2.0
	Apache Derby 10.5.1.1	cpe:2.3:a:apache:derby:10.5.1.1
	Apache Derby 10.5.3.0	cpe:2.3:a:apache:derby:10.5.3.0
	Apache Derby 10.6.1.0	cpe:2.3:a:apache:derby:10.6.1.0
	Apache Derby 10.6.2.1	cpe:2.3:a:apache:derby:10.6.2.1
	Apache Derby 10.7.1.1	cpe:2.3:a:apache:derby:10.7.1.1
	Apache Derby 10.8.1.2	cpe:2.3:a:apache:derby:10.8.1.2
	Apache Derby 10.8.2.2	cpe:2.3:a:apache:derby:10.8.2.2
	Apache Derby 10.8.3.0	cpe:2.3:a:apache:derby:10.8.3.0
	Apache Derby 10.9.1.0	cpe:2.3:a:apache:derby:10.9.1.0
	Apache Derby 10.10.1.1	cpe:2.3:a:apache:derby:10.10.1.1
	Apache Derby 10.10.2.0	cpe:2.3:a:apache:derby:10.10.2.0
	Apache Derby 10.11.1.1	cpe:2.3:a:apache:derby:10.11.1.1