CVE-2018-1000644: XEE
First published: Mon Aug 20 2018(Updated: )
Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External Entity (XXE) vulnerability in RDF4j XML parser parsing RDF files that can result in the disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted RDF file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Eclipse RDF4j | <2.4.0 | |
| Eclipse RDF4j | =2.4.0 | |
| Eclipse RDF4j | =2.4.0-m1 | |
| Eclipse RDF4j | =2.4.0-m2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2018-1000644?
CVE-2018-1000644 is classified as a high-severity vulnerability due to its potential impact on confidentiality and system availability.
How do I fix CVE-2018-1000644?
To resolve CVE-2018-1000644, upgrade Eclipse RDF4j to version 2.4.0 or later.
What types of attacks can be executed through CVE-2018-1000644?
CVE-2018-1000644 can lead to XML External Entity (XXE) attacks, which may result in data disclosure, denial of service, server-side request forgery, and port scanning.
Which versions of Eclipse RDF4j are affected by CVE-2018-1000644?
Eclipse RDF4j versions prior to 2.4.0 Milestone 2 are affected by CVE-2018-1000644.
Can CVE-2018-1000644 be exploited with untrusted RDF files?
Yes, CVE-2018-1000644 is exploitable when untrusted RDF files are processed by the vulnerable XML parser.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- agent/author
- agent/remedy
- agent/weakness
- agent/severity
- agent/tags
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- vendor/eclipse
- canonical/eclipse rdf4j
- version/eclipse rdf4j/2.4.0
- version/eclipse rdf4j/2.4.0-m1
- version/eclipse rdf4j/2.4.0-m2