Vulnerable Library - commons-configuration-1.9.jar
Tools to assist in the reading of configuration/preferences files in
various formats
Library home page: http://commons.apache.org/configuration/
Path to dependency file: /ksa-web-root/ksa-system-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-configuration/commons-configuration/1.9/commons-configuration-1.9.jar
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Vulnerabilities
In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-707275-426206
Vulnerable Library - commons-configuration-1.9.jar
Tools to assist in the reading of configuration/preferences files in
various formats
Library home page: http://commons.apache.org/configuration/
Path to dependency file: /ksa-web-root/ksa-system-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-configuration/commons-configuration/1.9/commons-configuration-1.9.jar
Dependency Hierarchy:
- ❌ commons-configuration-1.9.jar (Vulnerable Library)
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
Reachability Analysis
This vulnerability is potentially reachable
com.ksa.context.web.RuntimeConfiguration (Application)
-> org.apache.commons.configuration.PropertiesConfiguration (Extension)
-> org.apache.commons.configuration.HierarchicalINIConfiguration (Extension)
-> org.apache.commons.configuration.XMLConfiguration$XMLNode (Extension)
-> ❌ org.apache.commons.configuration.tree.ConfigurationNodeVisitorAdapter (Vulnerable Component)
Vulnerability Details
Created automatically by the test suite
Publish Date: 2010-06-07
URL: CVE-707275-426206
CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High