CVE-2017-1289

Metadata

medium
6.4
ibm-java80
CVE-2017-1289
cve.mitre.org, developer.ibm.com, www-01.ibm.com, rhn.redhat.com
2017-05-22
2017-10-23 14:27
2017-06-16 18:42
2017-05-26 05:03
2017-05-11 02:04

Description

IBM SDK, Java Technology Edition is vulnerable XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Release Package Patched in
upstream ibm-java80 8.0.4.5
xenial ibm-java80 None

Unaffected

Release Package Reason
precise/esm ibm-java80 DNE
trusty ibm-java80 DNE
vivid/stable-phone-overlay ibm-java80 DNE
vivid/ubuntu-core ibm-java80 DNE
yakkety ibm-java80 DNE
zesty ibm-java80 DNE
artful ibm-java80 DNE
devel ibm-java80 DNE