CVE-2016-6798

Published: Jul 19, 2017Modified: May 13, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an attacker to read sensitive data on the filesystem, perform same-site-request-forgery (SSRF), port-scanning behind the firewall or DoS the application.

Affected (1)

Products: Apache: Sling

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apache Sling	Up to 1.0.10

Related CWEs

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (4)

http://www.securityfocus.com/bid/99873

Source: security@apache.org

Third Party AdvisoryVDB Entry

https://lists.apache.org/thread.html/b72c3a511592ec70729b3ec2d29302b6ce87bbeab62d4745617a6bd0%40%3Cdev.sling.apache.org%3E

Source: security@apache.org

http://www.securityfocus.com/bid/99873

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://lists.apache.org/thread.html/b72c3a511592ec70729b3ec2d29302b6ce87bbeab62d4745617a6bd0%40%3Cdev.sling.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.