9.8

CVSS Score

3.0

-

CVSS Score

Basic Information

CVE ID

CVE-2016-6798

GHSA ID

GHSA-7g54-vgp6-jj5w

EPSS Score

0.79149%

CWE

CWE-611

Published

5/17/2022

Updated

10/11/2023

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2016-6798

CVE-2016-6798: XML External Entity Reference in Apache Sling

In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an attacker to read sensitive data on the filesystem, perform same-site-request-forgery (SSRF), port-scanning behind the firewall or DoS the application.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2016-6798

CVE-2016-6798:

9.8

CVSS Score

3.0

-

CVSS Score

Basic Information

CVE ID

CVE-2016-6798

GHSA ID

GHSA-7g54-vgp6-jj5w

EPSS Score

0.79149%

CWE

CWE-611

Published

5/17/2022

Updated

10/11/2023

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.apache.sling:org.apache.sling.xss	maven	< 1.0.12	1.0.12
org.apache.sling:org.apache.sling.xss.compat	maven	< 1.1.0	1.1.0

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from the use of an insecure SAX parser in XSS.getValidXML(). The commit diff shows that the SAXParserFactory in XSSAPIImpl.activate() was initially configured without disabling features like external DTDs and entities (CWE-611). The patched version adds these security settings. Since XSS.getValidXML() relies on this factory to create parsers, both the factory initialization (activate) and the validation method (getValidXML) are directly responsible for the XXE vulnerability. The high confidence comes from explicit evidence in the patch and CVE description linking the insecure parser to this method.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

9.8

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2016-6798: XML External Entity Reference in Apache Sling

CVE-2016-6798:

9.8

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

Basic Information

Basic Information

CVE-2016-6798: XML External Entity Reference in Apache Sling

9.8

9.8

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI