Vulnerability CVE-2019-9658
Published: 2019-03-11

Description:
Checkstyle before 8.18 loads external DTDs by default.

Type:

CWE-254

 (Security Features)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Fedoraproject -> Fedora 
Debian -> Debian linux 
Checkstyle -> Checkstyle 

 References:
https://checkstyle.org/releasenotes.html#Release_8.18
https://github.com/checkstyle/checkstyle/issues/6474
https://github.com/checkstyle/checkstyle/issues/6478
https://github.com/checkstyle/checkstyle/pull/6476
https://lists.apache.org/thread.html/7eea10e7be4c21060cb1e79f6524c6e6559ba833b1465cd2870a56b9@%3Cserver-dev.james.apache.org%3E
https://lists.apache.org/thread.html/a35a8ccb316d4c2340710f610cba8058e87d5376259b35ef3ed2bf89@%3Cnotifications.accumulo.apache.org%3E
https://lists.debian.org/debian-lts-announce/2019/04/msg00029.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2BMOPJ2XYE4LB2HM7OMSUBBIYEDUTLWE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEYBAHYAV37WHMOXZYM2ZWF46FHON6YC/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJPT54USMGWT3Y6XVXLDEHKRUY2EI4OE/
Copyright 2024, cxsecurity.com

 

Back to Top