ID CVE-2016-3720
Summary XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors.
References
Vulnerable Configurations
  • Fedora 24
    cpe:2.3:o:fedoraproject:fedora:24
  • FasterXML Jackson 2.7.3
    cpe:2.3:a:fasterxml:jackson:2.7.3
CVSS
Base: 7.5 (as of 03-08-2016 - 09:17)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-13B4CAE9DF.NASL
    description Security fix for CVE-2016-3720. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 91057
    published 2016-05-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91057
    title Fedora 24 : jackson-dataformat-xml-2.6.3-3.fc24 (2016-13b4cae9df)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-F2E2B178EA.NASL
    description Security fix for CVE-2016-3720. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 92202
    published 2016-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92202
    title Fedora 23 : jackson-dataformat-xml (2016-f2e2b178ea)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-D708261CE2.NASL
    description Security fix for CVE-2016-3720. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 92177
    published 2016-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92177
    title Fedora 22 : jackson-dataformat-xml (2016-d708261ce2)
refmap via4
fedora FEDORA-2016-13b4cae9df
Last major update 19-02-2017 - 01:19
Published 10-06-2016 - 11:59