N/A

CVSS Score

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-45960

CVE-2023-45960: Withdrawn Advisory: dom4j XML Entity Expansion vulnerability

Withdrawn Advisory

This advisory has been withdrawn because the underlying vulnerability could not be reproduced. This link is maintained to preserve external references.

Original Description

An issue in dom4.j org.dom4.io.SAXReader v.2.1.4 and before allows a remote attacker to obtain sensitive information via the setFeature function.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2023-45960

CVE-2023-45960:

N/A

CVSS Score

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.dom4j:dom4j	maven	<= 2.1.4

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The POC demonstrates that SAXReader's feature configuration order impacts XXE vulnerability mitigation. While the advisory was withdrawn due to reproducibility issues, the technical analysis shows that: 1) The setFeature implementation's security depends on invocation order 2) Versions <=2.1.4 don't enforce consistent entity expansion restrictions when features are set in suboptimal sequences 3) The CWE-776 mapping confirms this is an entity expansion issue. The function's behavior matches the described vulnerability pattern even if the advisory status is disputed.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

N/A

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2023-45960: Withdrawn Advisory: dom4j XML Entity Expansion vulnerability

Withdrawn Advisory

Original Description

CVE-2023-45960:

N/A

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

N/A

N/A

CVE-2023-45960: Withdrawn Advisory: dom4j XML Entity Expansion vulnerability

Withdrawn Advisory

Original Description

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI