1. Home
  2. Vulnerabilities
  3. CVE-2018-1000644

CVE-2018-1000644

CVSS v3.0 10 (Critical)
100% Progress
CVSS v2.0 7.5 (High)
75% Progress
EPSS 0.19 % (56th)
0.19% Progress
Affected Products 1
Advisories 1
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Graph Web & Social Timeline

Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External Entity (XXE) vulnerability in RDF4j XML parser parsing RDF files that can result in the disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted RDF file.

Weaknesses
CWE-611
Improper Restriction of XML External Entity Reference
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2018-08-20 19:31:39
(6 years ago)
Updated Date
2018-11-01 16:21:44
(5 years ago)

Affected Products

Eclipse

Configuration #1

    CPE23 From Up To
  Eclipse Rdf4j prior 2.4.0 version cpe:2.3:a:eclipse:rdf4j < 2.4.0
  Eclipse Rdf4j 2.4.0 cpe:2.3:a:eclipse:rdf4j:2.4.0:-
  Eclipse Rdf4j 2.4.0 M1 cpe:2.3:a:eclipse:rdf4j:2.4.0:m1
  Eclipse Rdf4j 2.4.0 M2 cpe:2.3:a:eclipse:rdf4j:2.4.0:m2