Apache Cocoon XML Injection Vulnerability CVE-2020-11991 Scanner

Details
Stay Up To Date
Asset Type

DOMAIN,IP,URL

Need Membership

Yes

Asset Verify

Yes

API Support

Yes

Estimate Time (Second)

30

Apache Cocoon XML Injection Vulnerability CVE-2020-11991 Scanner Detail

A specially crafted XML, including external system entities, could be used to access any file on the server system.

When using the StreamGenerator, the code parse a user-provided XML.

Affected versions:

  • Apache Cocoon version 2.1.12 and below

Some Advice for Common Problems

Update your Apache Cocoon to the latest version to eliminate this vulnerability.

Community Discussions

Need a Full Assesment?

Get help from professional hackers. Learn about our penetration test service now!

Request Pentest Service