Vulnerability Description
In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string. This allows XXE attacks in all scripts that use this method to validate user input, potentially allowing an attacker to read sensitive data on the filesystem, perform server-side request forgery (SSRF), port-scan behind the firewall, or DoS the application.
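One way to check untrusted XML with a SAX parser without exposing it to XXE, shown as an added example (this is not Sling's code or its actual fix). The class and method names are hypothetical, and the `disallow-doctype-decl` feature assumes the JDK's built-in Xerces-based parser.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.XMLReader;
import org.xml.sax.helpers.DefaultHandler;
public class HardenedXmlCheck {
    // Hypothetical helper, not Sling's XSS.getValidXML(): true only when the
    // input is well-formed XML that carries no DOCTYPE declaration.
    static boolean isWellFormedWithoutDtd(String input) {
        try {
            SAXParserFactory factory = SAXParserFactory.newInstance();
            factory.setNamespaceAware(true);
            factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
            // No DOCTYPE means no entity declarations, internal or external.
            factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            // Defence in depth in case the DOCTYPE ban is relaxed later.
            factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
            factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
            XMLReader reader = factory.newSAXParser().getXMLReader();
            // Refuse to fetch anything the parser still asks to resolve.
            reader.setEntityResolver((publicId, systemId) -> {
                throw new SAXException("external entity refused: " + systemId);
            });
            DefaultHandler handler = new DefaultHandler(); // fatalError() rethrows
            reader.setContentHandler(handler);
            reader.setErrorHandler(handler);
            reader.parse(new InputSource(new StringReader(input)));
            return true;
        } catch (Exception e) {
            // Malformed input, a DOCTYPE, or a parser that lacks these features.
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed inputs; the entity target is a placeholder path.
        String plain = "<note><to>reader</to></note>";
        String withDtd = "<?xml version=\"1.0\"?>"
                + "<!DOCTYPE note [<!ENTITY ext SYSTEM \"file:///placeholder/path\">]>"
                + "<note>&ext;</note>";
        String broken = "<note><to>reader</note>";
        System.out.println("plain   -> " + isWellFormedWithoutDtd(plain));
        System.out.println("withDtd -> " + isWellFormedWithoutDtd(withDtd));
        System.out.println("broken  -> " + isWellFormedWithoutDtd(broken));
    }
}
```

The helper fails closed: a parser implementation that does not recognise one of the features throws during configuration, and the input is reported as invalid.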
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Sling | <= 1.0.10 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/99873 (Third Party Advisory, VDB Entry)
- https://lists.apache.org/thread.html/b72c3a511592ec70729b3ec2d29302b6ce87bbeab62
FAQ
What is CVE-2016-6798?
CVE-2016-6798 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which...
How severe is CVE-2016-6798?
CVE-2016-6798 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-6798?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Sling.