First published: Tue May 17 2016(Updated: )
Last updated 22 August 2024
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Debian Debian Linux | =8.0 | |
Fedoraproject Fedora | =22 | |
Fedoraproject Fedora | =23 | |
Xstream Project Xstream | <=1.4.8 | |
IBM GDE | <=3.0.0.2 | |
debian/libxstream-java | 1.4.15-3+deb11u2 1.4.20-1 1.4.21-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2016-3674 is a vulnerability in XStream that allows remote attackers to read arbitrary files via a crafted XML document.
CVE-2016-3674 is caused by multiple XML external entity (XXE) vulnerabilities in the XStream drivers.
An attacker can exploit CVE-2016-3674 by sending a crafted XML document to the target system.
Versions up to and including 1.4.8 of XStream and up to version 3.0.0.2 of IBM GDE are affected by CVE-2016-3674.
The severity of CVE-2016-3674 is high, with a CVSS score of 7.5.