Multiple XML External Entity (XXE) Vulnerabilities in XStream Drivers
CVE-2016-3674 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document.
Learn more about our External Network Penetration Testing.