CVE-2017-8315
Published: 20 April 2018
Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier was found vulnerable to an XML External Entity attack. An attacker can exploit the vulnerability by implementing malicious code on Androidmanifest.xml.
Notes
Author | Note |
---|---|
msalvatore | see debian CVE tracker for more details. |
Priority
Status
Package | Release | Status |
---|---|---|
apktool Launchpad, Ubuntu, Debian |
artful |
Ignored
(end of life)
|
bionic |
Not vulnerable
(2.3.4-1~18.04)
|
|
cosmic |
Not vulnerable
(2.3.4-1~18.04)
|
|
disco |
Not vulnerable
(2.3.4-1~18.04)
|
|
eoan |
Not vulnerable
(2.3.4-1~18.04)
|
|
focal |
Not vulnerable
(2.3.4-1~18.04)
|
|
groovy |
Not vulnerable
(2.3.4-1~18.04)
|
|
hirsute |
Not vulnerable
(2.3.4-1~18.04)
|
|
impish |
Not vulnerable
(2.3.4-1~18.04)
|
|
jammy |
Not vulnerable
(2.3.4-1~18.04)
|
|
kinetic |
Not vulnerable
(2.3.4-1~18.04)
|
|
lunar |
Not vulnerable
(2.3.4-1~18.04)
|
|
mantic |
Not vulnerable
(2.3.4-1~18.04)
|
|
noble |
Not vulnerable
(2.3.4-1~18.04)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(2.2.4-1)
|
|
xenial |
Needed
|
|
Patches: upstream: https://github.com/iBotPeaches/Apktool/commit/f19317d87c316ed254aafa0a27eddd024e25ec6c upstream: https://github.com/iBotPeaches/Apktool/commit/657a44f5938b072898a0de913c03760210e0f4ed upstream: https://github.com/iBotPeaches/Apktool/commit/dbb144f9af5478c780e59c8b65036ae882595063 |
||
eclipse Launchpad, Ubuntu, Debian |
artful |
Ignored
(end of life)
|
bionic |
Not vulnerable
|
|
cosmic |
Not vulnerable
|
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
trusty |
Does not exist
(trusty was needs-triage)
|
|
upstream |
Not vulnerable
|
|
xenial |
Not vulnerable
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |