CVE-2018-9116 Security Details

CVE ID

CVE-2018-9116

CWE

CWE-611

CVE Description

An XXE vulnerability within WireMock before 2.16.0 allows a remote unauthenticated attacker to access local files and internal resources and potentially cause a Denial of Service.

Published

Apr 10, 2018

CVSS Score & Severity

9.1Critical

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

EPSS Score

1.091%

Malware

malware

KEV Status

Not in KEV Catalog: No known exploits

Vulnerable Methods

com/github/tomakehurst/wiremock/common/Xml.read(Ljava/lang/String;)Lorg/w3c/dom/Document;

JVMVulnerable params: 0

com/github/tomakehurst/wiremock/matching/ValuePattern.isXPathMatch(Ljava/lang/String;)Z

JVM

Affected Ecosystems

affected

Source

National Vulnerability Database

References

groups.google.comTHIRD_PARTY