Vulnerabilities > CVE-2016-6798 - XXE vulnerability in Apache Sling

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

apache

CWE-611

critical

NVD

Published: 2017-07-19

Updated: 2023-11-07

Summary

In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an attacker to read sensitive data on the filesystem, perform same-site-request-forgery (SSRF), port-scanning behind the firewall or DoS the application.

Vulnerable Configurations

Part	Description	Count
Application	Apache Apache Sling - Apache Sling 1.0.0 Apache Sling 1.0.2 Apache Sling 1.0.4 Apache Sling 1.0.6 Apache Sling 1.0.8 Apache Sling 1.0.10	7

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References