Multiple XML External Entity (XXE) Vulnerabilities in XStream Drivers

Multiple XML External Entity (XXE) Vulnerabilities in XStream Drivers

CVE-2016-3674 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document.

Learn more about our External Network Penetration Testing.