CVE-2015-1832 — Vulnetix

Try Vulnetix Request Demo

CVE-2015-1832 PUBLISHED

XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving XmlVTI and the XML datatype.

EPSS 0.82% · 74.2th percentile

Risk Scores

EPSS Score

0.82%

74.2th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:16.04:LTS	derby	0, 10.10.2.0-1

Timeline

Oct 3, 2016 CVE Published
Apr 23, 2019 CVE Updated
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2015-1832 third-party-advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21990100 third-party-advisory
https://issues.apache.org/jira/browse/DERBY-6807 third-party-advisory
https://svn.apache.org/viewvc?view=revision&revision=1691461 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2015-1832 third-party-advisory

Open in Interactive Console →