CVE-2018-10868 - XML Entity Expansion vulnerability in Redhat Certification 7.0
Metric | Value |
---|---|
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | HIGH |

Summary
redhat-certification 7 does not properly restrict the number of recursive definitions of entities in XML documents, allowing an unauthenticated user to run a "Billion Laugh Attack" by replying to XMLRPC methods when getting the status of a host.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |