CVE-2019-9658: XEE
First published: Mon Mar 11 2019(Updated: )
Checkstyle before 8.18 loads external DTDs by default.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Checkstyle | <8.18 | |
| Debian | =8.0 | |
| Fedora | =28 | |
| Fedora | =29 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://checkstyle.org/releasenotes.html#Release_8.18
- https://github.com/checkstyle/checkstyle/issues/6474
- https://github.com/checkstyle/checkstyle/issues/6478
- https://github.com/checkstyle/checkstyle/pull/6476
- https://lists.apache.org/thread.html/6bf8bbbca826e883f09ba40bc0d319350e1d6d4cf4df7c9e399b2699@%3Ccommits.fluo.apache.org%3E
- https://lists.apache.org/thread.html/7eea10e7be4c21060cb1e79f6524c6e6559ba833b1465cd2870a56b9@%3Cserver-dev.james.apache.org%3E
- https://lists.apache.org/thread.html/994221405e940e148adcfd9cb24ffc6700bed70c7820c55a22559d26@%3Cnotifications.fluo.apache.org%3E
- https://lists.apache.org/thread.html/a35a8ccb316d4c2340710f610cba8058e87d5376259b35ef3ed2bf89@%3Cnotifications.accumulo.apache.org%3E
- https://lists.apache.org/thread.html/fff26ee7b59360a0264fef4e8ed9454ef652db2c39f2892a9ea1c9cb@%3Cnotifications.fluo.apache.org%3E
- https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2019/04/msg00029.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2BMOPJ2XYE4LB2HM7OMSUBBIYEDUTLWE/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEYBAHYAV37WHMOXZYM2ZWF46FHON6YC/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJPT54USMGWT3Y6XVXLDEHKRUY2EI4OE/
- https://lists.apache.org/thread.html/7eea10e7be4c21060cb1e79f6524c6e6559ba833b1465cd2870a56b9%40%3Cserver-dev.james.apache.org%3E
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AEYBAHYAV37WHMOXZYM2ZWF46FHON6YC/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJPT54USMGWT3Y6XVXLDEHKRUY2EI4OE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2BMOPJ2XYE4LB2HM7OMSUBBIYEDUTLWE/
- https://lists.apache.org/thread.html/a35a8ccb316d4c2340710f610cba8058e87d5376259b35ef3ed2bf89%40%3Cnotifications.accumulo.apache.org%3E
- https://lists.apache.org/thread.html/fff26ee7b59360a0264fef4e8ed9454ef652db2c39f2892a9ea1c9cb%40%3Cnotifications.fluo.apache.org%3E
- https://lists.apache.org/thread.html/6bf8bbbca826e883f09ba40bc0d319350e1d6d4cf4df7c9e399b2699%40%3Ccommits.fluo.apache.org%3E
- https://lists.apache.org/thread.html/994221405e940e148adcfd9cb24ffc6700bed70c7820c55a22559d26%40%3Cnotifications.fluo.apache.org%3E
- https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E
Frequently Asked Questions
What is the severity of CVE-2019-9658?
CVE-2019-9658 is considered a medium severity vulnerability.
How do I fix CVE-2019-9658?
To fix CVE-2019-9658, upgrade Checkstyle to version 8.18 or later.
What types of software are affected by CVE-2019-9658?
CVE-2019-9658 affects Checkstyle versions prior to 8.18 and certain Debian and Fedora Linux distributions.
What does CVE-2019-9658 exploit?
CVE-2019-9658 exploits the default loading of external DTDs in Checkstyle.
Is CVE-2019-9658 a remote code execution vulnerability?
No, CVE-2019-9658 is not classified as a remote code execution vulnerability.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/remedy
- agent/references
- agent/first-publish-date
- agent/description
- agent/author
- agent/last-modified-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/checkstyle
- canonical/checkstyle
- vendor/debian
- canonical/debian
- version/debian/8.0
- vendor/fedoraproject
- canonical/fedora
- version/fedora/28
- version/fedora/29