Vulnerability-Lookup

CVE-2017-8315 (GCVE-0-2017-8315)

Vulnerability from cvelistv5 – Published: 2018-04-20 19:00 – Updated: 2024-09-17 02:37

Summary

Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier was found vulnerable to an XML External Entity attack. An attacker can exploit the vulnerability by implementing malicious code on Androidmanifest.xml.

Severity ?

No CVSS data available.

CWE

Local Privilege Escalation

Assigner

checkpoint

References

URL

Tags

	https://bugs.eclipse.org/bugs/show_bug.cgi?id=519169	x_refsource_CONFIRM
	https://research.checkpoint.com/parsedroid-target…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Check Point Software Technologies Ltd.	Eclipse	Affected: All version lower or equal to 2017.2.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:34:22.951Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=519169"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Eclipse",
          "vendor": "Check Point Software Technologies Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "All version lower or equal to 2017.2.5"
            }
          ]
        }
      ],
      "datePublic": "2017-12-04T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier was found vulnerable to an XML External Entity attack. An attacker can exploit the vulnerability by implementing malicious code on Androidmanifest.xml."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Local Privilege Escalation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-20T18:57:01.000Z",
        "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "shortName": "checkpoint"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=519169"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@checkpoint.com",
          "DATE_PUBLIC": "2017-12-04T00:00:00",
          "ID": "CVE-2017-8315",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Eclipse",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All version lower or equal to 2017.2.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Check Point Software Technologies Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier was found vulnerable to an XML External Entity attack. An attacker can exploit the vulnerability by implementing malicious code on Androidmanifest.xml."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Local Privilege Escalation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=519169",
              "refsource": "CONFIRM",
              "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=519169"
            },
            {
              "name": "https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/",
              "refsource": "MISC",
              "url": "https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
    "assignerShortName": "checkpoint",
    "cveId": "CVE-2017-8315",
    "datePublished": "2018-04-20T19:00:00.000Z",
    "dateReserved": "2017-04-28T00:00:00.000Z",
    "dateUpdated": "2024-09-17T02:37:41.460Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CNVD-2018-09905

Vulnerability from cnvd - Published: 2018-05-21

Title

Eclipse IDE Eclipse XML解析器外部实体注入漏洞

Description

Eclipse IDE是Eclipse基金会的一套集成开发环境。Eclipse XML parser是其中的一个XML解析器。 Eclipse IDE 2017.2.5及之前版本中的Eclipse XML解析器存在安全漏洞。攻击者可利用该漏洞实施XML外部实体注入攻击。

Severity

中

Formal description

目前厂商暂未发布修复措施解决此安全问题，建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法： https://www.eclipse.org

Reference

https://nvd.nist.gov/vuln/detail/CVE-2017-8315

Impacted products

Name
Eclipse IDE <=2017.2.5

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-8315",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8315"
    }
  },
  "description": "Eclipse IDE\u662fEclipse\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u96c6\u6210\u5f00\u53d1\u73af\u5883\u3002Eclipse XML parser\u662f\u5176\u4e2d\u7684\u4e00\u4e2aXML\u89e3\u6790\u5668\u3002\r\n\r\nEclipse IDE 2017.2.5\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u7684Eclipse XML\u89e3\u6790\u5668\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u65bdXML\u5916\u90e8\u5b9e\u4f53\u6ce8\u5165\u653b\u51fb\u3002",
  "discovererName": "unknown",
  "formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\nhttps://www.eclipse.org",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-09905",
  "openTime": "2018-05-21",
  "products": {
    "product": "Eclipse IDE \u003c=2017.2.5"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-8315",
  "serverity": "\u4e2d",
  "submitTime": "2018-04-24",
  "title": "Eclipse IDE Eclipse XML\u89e3\u6790\u5668\u5916\u90e8\u5b9e\u4f53\u6ce8\u5165\u6f0f\u6d1e"
}

FKIE_CVE-2017-8315

Vulnerability from fkie_nvd - Published: 2018-04-20 19:29 - Updated: 2024-11-21 03:33

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
cve@checkpoint.com	https://bugs.eclipse.org/bugs/show_bug.cgi?id=519169	Permissions Required, Vendor Advisory
cve@checkpoint.com	https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/	Exploit, Technical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugs.eclipse.org/bugs/show_bug.cgi?id=519169	Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/	Exploit, Technical Description, Third Party Advisory

Impacted products

	Vendor	Product	Version
	eclipse	ide	2017.2.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:eclipse:ide:2017.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB13CB7E-DE2D-41BC-944E-52AABD13A953",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier was found vulnerable to an XML External Entity attack. An attacker can exploit the vulnerability by implementing malicious code on Androidmanifest.xml."
    },
    {
      "lang": "es",
      "value": "El analizador Eclipse XML para Eclipse IDE, en versiones 2017.2.5 y anteriores, es vulnerable a un ataque de XML External Entity. Un atacante puede explotar la vulnerabilidad implementando c\u00f3digo malicioso en Androidmanifest.xml."
    }
  ],
  "id": "CVE-2017-8315",
  "lastModified": "2024-11-21T03:33:45.477",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.8,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-20T19:29:00.503",
  "references": [
    {
      "source": "cve@checkpoint.com",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=519169"
    },
    {
      "source": "cve@checkpoint.com",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=519169"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/"
    }
  ],
  "sourceIdentifier": "cve@checkpoint.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2017-8315

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-8315

Aliases

CVE-2017-8315

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-8315",
    "description": "Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier was found vulnerable to an XML External Entity attack. An attacker can exploit the vulnerability by implementing malicious code on Androidmanifest.xml.",
    "id": "GSD-2017-8315"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-8315"
      ],
      "details": "Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier was found vulnerable to an XML External Entity attack. An attacker can exploit the vulnerability by implementing malicious code on Androidmanifest.xml.",
      "id": "GSD-2017-8315",
      "modified": "2023-12-13T01:21:08.506763Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@checkpoint.com",
        "DATE_PUBLIC": "2017-12-04T00:00:00",
        "ID": "CVE-2017-8315",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Eclipse",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All version lower or equal to 2017.2.5"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Check Point Software Technologies Ltd."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier was found vulnerable to an XML External Entity attack. An attacker can exploit the vulnerability by implementing malicious code on Androidmanifest.xml."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Local Privilege Escalation"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=519169",
            "refsource": "CONFIRM",
            "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=519169"
          },
          {
            "name": "https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/",
            "refsource": "MISC",
            "url": "https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:ide:2017.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@checkpoint.com",
          "ID": "CVE-2017-8315"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier was found vulnerable to an XML External Entity attack. An attacker can exploit the vulnerability by implementing malicious code on Androidmanifest.xml."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-611"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Technical Description",
                "Third Party Advisory"
              ],
              "url": "https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/"
            },
            {
              "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=519169",
              "refsource": "CONFIRM",
              "tags": [
                "Permissions Required",
                "Vendor Advisory"
              ],
              "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=519169"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2018-05-22T15:33Z",
      "publishedDate": "2018-04-20T19:29Z"
    }
  }
}

GHSA-F33M-7GG2-3CM2

Vulnerability from github – Published: 2022-05-14 03:22 – Updated: 2022-05-14 03:22

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-8315"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-04-20T19:29:00Z",
    "severity": "HIGH"
  },
  "details": "Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier was found vulnerable to an XML External Entity attack. An attacker can exploit the vulnerability by implementing malicious code on Androidmanifest.xml.",
  "id": "GHSA-f33m-7gg2-3cm2",
  "modified": "2022-05-14T03:22:02Z",
  "published": "2022-05-14T03:22:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8315"
    },
    {
      "type": "WEB",
      "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=519169"
    },
    {
      "type": "WEB",
      "url": "https://research.checkpoint.com/parsedroid-targeting-android-development-research-community"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-8315 (GCVE-0-2017-8315)

CNVD-2018-09905

FKIE_CVE-2017-8315

GSD-2017-8315

GHSA-F33M-7GG2-3CM2

Tags

Sightings

Nomenclature