Vulnerabilities > CVE-2016-9487 - XXE vulnerability in W3 Epubcheck 4.0.1
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
EpubCheck 4.0.1 does not properly restrict resolving external entities when parsing XML in EPUB files during validation. An attacker who supplies a specially crafted EPUB file may be able to exploit this behavior to read arbitrary files, or have the victim execute arbitrary requests on his behalf, abusing the victim's trust relationship with other entities.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |