Granite Data Services version 3.1.1-SNAPSHOT AMF framework is vulnerable to XML external entity (XXE) attack that may be leveraged to expose sensitive data on the host..
CWE-611 - Improper Restriction of XML External Entity Reference ('XXE') - CVE-2016-2340
A vulnerable server would allow a remote user access to sensitive data or cause a denial of service.
The CERT/CC is currently unaware of a practical solution to this problem.
Thanks to Travis Emmert for reporting this vulnerability.
This document was written by Kyle O'Meara.
|Date First Published:||2016-03-24|
|Date Last Updated:||2016-03-24 14:45 UTC|