CRITICAL🇵🇱 Wersja polska

CVE-2018-9116

CVSS 9.1v3.0pub. 2018-03-29upd. 2024-11-21

An XXE vulnerability within WireMock before 2.16.0 allows a remote unauthenticated attacker to access local files and internal resources and potentially cause a Denial of Service.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
  • Wiremock

    APP
    Wiremock
    < 2.16.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth BypassDoSXXE
CWE
References

Related vulnerabilities

CVE-2023-50069MEDIUM6.1ten sam produkt

WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting (SXSS) throug...

CVE-2023-41327MEDIUM4.6ten sam produkt

WireMock is a tool for mocking HTTP services. WireMock can be configured to only permit proxying (and therefor...

CVE-2018-9117MEDIUM5.3ten sam produkt

WireMock before 2.16.0 contains a vulnerability that allows a remote unauthenticated attacker to access local ...

CVE-2023-41329LOW3.9ten sam produkt

WireMock is a tool for mocking HTTP services. The proxy mode of WireMock, can be protected by the network rest...

CVE-2023-39967CRITICAL10.0ten sam vendor

WireMock is a tool for mocking HTTP services. When certain request URLs like “@127.0.0.1:1234" are used in Wir...