Security for everyone

CVE-2020-11991 Scanner

Detects the 'XML External Entity' vulnerability in Apache Cocoon, which affects versions 2.1.0 to 2.1.12.


Short Info




Single Scan

Can be used by: Asset Owner

Estimated Time: 30 sec

Scan only one


Parent Category

CVE-2020-11991 Scanner Detail

Apache Cocoon is an open-source framework for building web applications. It offers a platform for creating content-oriented applications that respond to requests from various sources, such as HTML and PDF, and lets users manage and distribute content in multiple languages. Apache Cocoon combines several technologies, including XSLT, XML, Java, and web services, which makes it a powerful tool for developing web applications that support different technologies. The software has been used in various industries, including government, education, health, and media.

Recently, a vulnerability, CVE-2020-11991, was detected in the StreamGenerator component of the Apache Cocoon software. This vulnerability could allow any user to execute arbitrary code by leveraging XML External Entity (XXE) injection. The vulnerability can be triggered if a specially crafted XML file is uploaded and processed by the StreamGenerator component.
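One way an asset owner can screen XML before it reaches a component that parses user-supplied documents is sketched below. This is an added example, not code from the scanner or from Apache Cocoon. The function names and the sample documents are assumptions constructed for illustration, and the policy of rejecting any body with a DOCTYPE is one possible choice.

```python
import xml.parsers.expat

# Constructed sample bodies (not captured traffic).
PLAIN = b'<?xml version="1.0"?><page><title>ok</title></page>'
INTERNAL = b'<!DOCTYPE r [<!ENTITY e "x">]><r>&e;</r>'
EXTERNAL = b'<!DOCTYPE r [<!ENTITY e SYSTEM "file:///constructed/placeholder">]><r/>'


def inspect_xml(body: bytes) -> dict:
    """Report DOCTYPE and entity declarations in an XML body without resolving them.

    expat does not fetch external entities unless an ExternalEntityRefHandler
    is installed, so this inspection performs no file or network access.
    """
    report = {"well_formed": True, "doctype": False, "internal": [], "external": []}

    def on_doctype(name, system_id, public_id, has_internal_subset):
        report["doctype"] = True
        if system_id or public_id:
            # The DOCTYPE itself points at an external DTD.
            report["external"].append(("<external DTD>", system_id))

    def on_entity(name, is_parameter, value, base, system_id, public_id, notation):
        label = ("%" if is_parameter else "&") + name
        if value is None:
            # No literal value: the entity is defined by an external identifier.
            report["external"].append((label, system_id))
        else:
            report["internal"].append(label)

    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(body, True)
    except xml.parsers.expat.ExpatError:
        report["well_formed"] = False
    return report


def should_reject(body: bytes) -> bool:
    """Assumed policy: refuse malformed bodies and any body carrying a DOCTYPE."""
    report = inspect_xml(body)
    return (not report["well_formed"]) or report["doctype"]
```

The `external` list is what to log when a request is refused, since it records which entity was declared and the identifier it pointed at.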

This vulnerability can have serious consequences for businesses and organizations that use the Apache Cocoon software. If exploited, an attacker can gain access to sensitive information or damage the entire system. They could also create a backdoor allowing them access to the system as an administrator, thus compromising data and affecting the integrity of the entire network. The result could be a significant financial loss and damage to the company's reputation.

In conclusion, vulnerabilities such as CVE-2020-11991 can be a major concern for businesses and organizations that use the Apache Cocoon software. It's crucial that users take the necessary precautions to prevent such vulnerabilities from being exploited and causing significant damage. With the "pro" features of the platform, users can easily and quickly discover vulnerabilities in their digital assets, giving them peace of mind knowing their system is secure.


