CVE Vulnerabilities

CVE-2015-1832

Published: Oct 03, 2016 | Modified: Nov 07, 2023
CVSS 3.x: 9.1 CRITICAL
Source: NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CVSS 2.x: 6.4 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:P

XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving XmlVTI and the XML datatype.

Affected Software

Name Vendor Start Version End Version
Derby Apache 10.2.1.6 10.2.1.6
Derby Apache 10.10.1.1 10.10.1.1
Derby Apache 10.5.3.0 10.5.3.0
Derby Apache 10.4.1.3 10.4.1.3
Derby Apache 10.1.1.0 10.1.1.0
Derby Apache 10.4.2.0 10.4.2.0
Derby Apache 10.6.1.0 10.6.1.0
Derby Apache 10.7.1.1 10.7.1.1
Derby Apache 10.2.2.0 10.2.2.0
Derby Apache 10.9.1.0 10.9.1.0
Derby Apache 10.11.1.1 10.11.1.1
Derby Apache 10.8.1.2 10.8.1.2
Derby Apache 10.6.2.1 10.6.2.1
Derby Apache 10.1.3.1 10.1.3.1
Derby Apache 10.5.1.1 10.5.1.1
Derby Apache 10.8.3.0 10.8.3.0
Derby Apache 10.10.2.0 10.10.2.0
Derby Apache 10.3.3.0 10.3.3.0
Derby Apache 10.8.2.2 10.8.2.2
Derby Apache 10.1.2.1 10.1.2.1

References