ID | CVE-2019-9658 |
Summary | Checkstyle before 8.18 loads external DTDs by default. |
References | |
Vulnerable Configurations | - cpe:2.3:a:checkstyle:checkstyle:8.11:*:*:*:*:*:*:*
cpe:2.3:a:checkstyle:checkstyle:8.11:*:*:*:*:*:*:* - cpe:2.3:a:checkstyle:checkstyle:8.12:*:*:*:*:*:*:*
cpe:2.3:a:checkstyle:checkstyle:8.12:*:*:*:*:*:*:* - cpe:2.3:a:checkstyle:checkstyle:8.13:*:*:*:*:*:*:*
cpe:2.3:a:checkstyle:checkstyle:8.13:*:*:*:*:*:*:* - cpe:2.3:a:checkstyle:checkstyle:8.14:*:*:*:*:*:*:*
cpe:2.3:a:checkstyle:checkstyle:8.14:*:*:*:*:*:*:* - cpe:2.3:a:checkstyle:checkstyle:8.15:*:*:*:*:*:*:*
cpe:2.3:a:checkstyle:checkstyle:8.15:*:*:*:*:*:*:* - cpe:2.3:a:checkstyle:checkstyle:8.16:*:*:*:*:*:*:*
cpe:2.3:a:checkstyle:checkstyle:8.16:*:*:*:*:*:*:* - cpe:2.3:a:checkstyle:checkstyle:8.17:*:*:*:*:*:*:*
cpe:2.3:a:checkstyle:checkstyle:8.17:*:*:*:*:*:*:* - cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* - cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:* - cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
|
CVSS | Base: | 5.0 (as of 01-10-2020 – 00:15) | Impact: | | Exploitability: | |
|
CWE | CWE-611 |
CAPEC | - XML External Entities Blowup
This attack takes advantage of the entity replacement property of XML where the value of the replacement is a URI. A well-crafted XML document could have the entity refer to a URI that consumes a large amount of resources to create a denial of service condition. This can cause the system to either freeze, crash, or execute arbitrary code depending on the URI.
|
Access | Vector | Complexity | Authentication | NETWORK | LOW | NONE |
|
Impact | Confidentiality | Integrity | Availability | PARTIAL | NONE | NONE |
|
cvss-vector via4 | AV:N/AC:L/Au:N/C:P/I:N/A:N |
refmap via4 | fedora | - FEDORA-2019-4696630d6f
- FEDORA-2019-a3f67e2364
- FEDORA-2019-e4405b4c9f
| misc | | mlist | - [accumulo-notifications] 20190612 [GitHub] [accumulo-testing] milleruntime opened a new pull request #80: Update checkstyle
- [debian-lts-announce] 20190428 [SECURITY] [DLA 1768-1] checkstyle security update
- [fluo-commits] 20190814 [fluo] branch fluo-parent updated: Update checkstyle (CVE-2019-9658) (#1073)
- [fluo-notifications] 20190814 [GitHub] [fluo] ctubbsii merged pull request #1073: Update checkstyle (CVE-2019-9658)
- [fluo-notifications] 20190815 Build failed in Jenkins: Fluo Parent Pom #101
- [james-server-dev] 20190318 [james-project] 01/03: JAMES-2693 Update com.puppycrawl.tools:checkstyle to respond to CVE-2019-9658
|
|
Last major update | 01-10-2020 – 00:15 |
Published | 11-03-2019 – 05:29 |
Last modified | 01-10-2020 – 00:15 |