Vulnerability Note VU#279472
Granite Data Services AMF framework fails to properly parse XML input containing a reference to external entities
Granite Data Services version 3.1.1-SNAPSHOT AMF framework is vulnerable to XML external entity (XXE) attack that may be leveraged to expose sensitive data on the host..
CWE-611 - Improper Restriction of XML External Entity Reference ('XXE') - CVE-2016-2340
A vulnerable server would allow a remote user access to sensitive data or cause a denial of service.
The CERT/CC is currently unaware of a practical solution to this problem.
Vendor Information (Learn More)
No information available. If you are a vendor and your product is affected, let us know.
CVSS Metrics (Learn More)
Thanks to Travis Emmert for reporting this vulnerability.
This document was written by Kyle O'Meara.
- CVE IDs: CVE-2016-2340
- Date Public: 24 Mar 2016
- Date First Published: 24 Mar 2016
- Date Last Updated: 24 Mar 2016
- Document Revision: 26
If you have feedback, comments, or additional information about this vulnerability, please send us email.