XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving XmlVTI and the XML datatype.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Derby | Apache | 10.2.1.6 | 10.2.1.6 |
Derby | Apache | 10.10.1.1 | 10.10.1.1 |
Derby | Apache | 10.5.3.0 | 10.5.3.0 |
Derby | Apache | 10.4.1.3 | 10.4.1.3 |
Derby | Apache | 10.1.1.0 | 10.1.1.0 |
Derby | Apache | 10.4.2.0 | 10.4.2.0 |
Derby | Apache | 10.6.1.0 | 10.6.1.0 |
Derby | Apache | 10.7.1.1 | 10.7.1.1 |
Derby | Apache | 10.2.2.0 | 10.2.2.0 |
Derby | Apache | 10.9.1.0 | 10.9.1.0 |
Derby | Apache | 10.11.1.1 | 10.11.1.1 |
Derby | Apache | 10.8.1.2 | 10.8.1.2 |
Derby | Apache | 10.6.2.1 | 10.6.2.1 |
Derby | Apache | 10.1.3.1 | 10.1.3.1 |
Derby | Apache | 10.5.1.1 | 10.5.1.1 |
Derby | Apache | 10.8.3.0 | 10.8.3.0 |
Derby | Apache | 10.10.2.0 | 10.10.2.0 |
Derby | Apache | 10.3.3.0 | 10.3.3.0 |
Derby | Apache | 10.8.2.2 | 10.8.2.2 |
Derby | Apache | 10.1.2.1 | 10.1.2.1 |