Executive Summary

Informations
Name CVE-2024-8602 First vendor Publication 2024-10-14
Vendor Cve Last vendor Modification 2024-10-15

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

When the XML is read from the codes in the PDF and parsed using a DocumentBuilder, the default settings of the DocumentBuilder allow for an XXE (XML External Entity) attack. Further information on this can be found on the website of the Open Worldwide Application Security Project (OWASP). An attacker could theoretically leverage this by delivering a manipulated PDF file to the target, and depending on the environment, various actions can be executed. These actions include:

* Reading files from the operating system
* Crashing the thread handling the parsing or causing it to enter an infinite loop
* Executing HTTP requests
* Loading additional DTDs or XML files
* Under certain conditions, executing OS commands

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8602

Sources (Detail)

https://esteuer.ewv-ete.ch/fileadmin/esta/2024-10-09-update/24_09_esta_newsle...
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2024-10-15 17:27:27
  • Multiple Updates
2024-10-14 21:27:28
  • First insertion