CVE-2017-15708
Severity: critical

| Metric | Score |
|---|---|
| CVSS v3 | 9.8 |
| CVSS v2 | 7.5 |
| VIR risk | 9.8 |
Description
Remote Code Execution in Apache Synapse
Predictions
| Prediction | Value |
|---|---|
| Exploit likelihood | 97% |
| Patch ETA | — |
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE; see the references list below.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.apache.synapse:synapse-core | <3.0.1 | 3.0.1 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| apache | synapse | 1.0 | |
| apache | synapse | 1.1 | |
| apache | synapse | 1.1.1 | |
| apache | synapse | 1.1.2 | |
| apache | synapse | 1.2 | |
| apache | synapse | 2.0.0 | |
| apache | synapse | 2.1.0 | |
| apache | synapse | 3.0.0 | |
| oracle | financial_services_market_risk_measurement_and_management | 8.0.6 | |
| oracle | financial_services_market_risk_measurement_and_management | 8.0.8 | |
| oracle | peoplesoft_enterprise_peopletools | 8.56 | |
| oracle | peoplesoft_enterprise_peopletools | 8.57 | |
References
- http://www.securityfocus.com/bid/102154
- https://lists.apache.org/thread.html/77f2accf240d25d91b47033e2f8ebec84ffbc6e6627112b2f98b66c9%40%3Cdev.synapse.apache.org%3E
- https://lists.apache.org/thread.html/r0fb289cd38c915b9a13a3376134f96222dd9100f1ef66b41631865c6%40%3Ccommits.doris.apache.org%3E
- https://security.gentoo.org/glsa/202107-37
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://nvd.nist.gov/vuln/detail/CVE-2017-15708
- https://lists.apache.org/thread.html/77f2accf240d25d91b47033e2f8ebec84ffbc6e6627112b2f98b66c9@%3Cdev.synapse.apache.org%3E
- https://lists.apache.org/thread.html/r0fb289cd38c915b9a13a3376134f96222dd9100f1ef66b41631865c6@%3Ccommits.doris.apache.org%3E
CWEs
CWE-74