CVEs-PoC/2017/CVE-2017-9096.md at main

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-04-21 18:16:01 +02:00

Files

T

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

1.2 KiB

Raw Permalink Blame History

CVE-2017-9096

Description

The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.

POC

Reference

https://www.oracle.com/security-alerts/cpuoct2020.html

Github

https://github.com/0xCyberY/CVE-T4PDF
https://github.com/A-TPL-Bench/LibHunter
https://github.com/ARPSyndicate/cvemon
https://github.com/Anonymous-Phunter/PHunter
https://github.com/CGCL-codes/LibHunter
https://github.com/CGCL-codes/PHunter
https://github.com/LibHunter/LibHunter
https://github.com/jakabakos/CVE-2017-9096
https://github.com/jakabakos/CVE-2017-9096-iText-XXE
https://github.com/null9900/threadbox-evaluation
https://github.com/spashx/cyclonedx2cytoscape
https://github.com/terrylao/itext-4.2.2

1.2 KiB Raw Permalink Blame History

CVE-2017-9096

Description

POC

Reference

Github

1.2 KiB

Raw Permalink Blame History