Apache Cocoon XML Injection Vulnerability (CVE-2020-11991) Scanner

If you are using Apache Cocoon, it is better to check your system if any vulnerability exists.

Details
Stay Up To Date
Asset Type

domain,ip

Need Membership

Yes

Asset Verify

Yes

API Support

Yes

Estimate Time (Second)

30

Apache Cocoon XML Injection Vulnerability (CVE-2020-11991) Scanner Detail

If you are using Apache Cocoon, it is better to check your system if any vulnerability exists.

When using the StreamGenerator, the code parse a user-provided XML. A specially crafted XML, including external system entities, could be used to access any file on the server system.

Affected versions:

  • Apache Cocoon version 2.1.12 and below

Some Advice for Common Problems

Update your Apache Cocoon to the latest version to eliminate this vulnerability.

Need a Full Assesment?

Get help from professional hackers. Learn about our penetration test service now!

Request Pentest Service