// For flags

CVE-2021-33813

jdom: XXE allows attackers to cause a DoS via a crafted HTTP request

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.

Un problema de tipo XXE en SAXBuilder en JDOM versiones hasta 2.0.6, permite a atacantes causar una denegación de servicio por medio de una petición HTTP diseñada

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-06-03 CVE Reserved
  • 2021-06-16 CVE Published
  • 2024-03-01 EPSS Updated
  • 2024-08-03 CVE Updated
  • 2024-08-03 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-611: Improper Restriction of XML External Entity Reference
CAPEC
References (19)
URL Tag Source
https://github.com/hunterhacker/jdom/releases Release Notes
https://lists.apache.org/thread.html/r21c406c7ed88fe340db7dbae75e58355159e6c324037c7d5547bf40b%40%3Cissues.solr.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r5674106135bb1a6ef57483f4c63a9c44bca85d0e2a8a05895a8f1d89%40%3Cissues.solr.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r6db397ae7281ead825338200d1f62d2827585a70797cc9ac0c4bd23f%40%3Cissues.solr.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r845e987b7cd8efe610284958e997b84583f5a98d3394adc09e3482fe%40%3Cissues.solr.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r89b3800cfabb1e773e49425e5d4239c28a659839a2eca6af3431482e%40%3Cissues.solr.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6%40%3Cissues.solr.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f%40%3Cissues.solr.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rfb7a93e40ebeb1e0068cde0bf3834dcab46bb1ef06d6424db48ed9fd%40%3Cdev.tika.apache.org%3E Mailing List
https://lists.debian.org/debian-lts-announce/2021/06/msg00026.html Mailing List
https://lists.debian.org/debian-lts-announce/2021/07/msg00012.html Mailing List
https://www.oracle.com/security-alerts/cpujul2022.html Not Applicable
URL Date SRC
https://alephsecurity.com/vulns/aleph-2021003 2024-08-03
URL Date SRC
https://github.com/hunterhacker/jdom/pull/188 2023-11-07
https://www.oracle.com/security-alerts/cpuapr2022.html 2023-11-07
URL Date SRC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AH46QHE5GIMT6BL6C3GDTOYF27JYILXM 2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWFVYTHGILOQXUA7U3SPOERQXL7OPSZG 2023-11-07
https://access.redhat.com/security/cve/CVE-2021-33813 2022-07-07
https://bugzilla.redhat.com/show_bug.cgi?id=1973413 2022-07-07
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Jdom
Search vendor "Jdom"
 Jdom
Search vendor "Jdom" for product "Jdom"
 <= 2.0.6
Search vendor "Jdom" for product "Jdom" and version " <= 2.0.6"
-
Affected
Apache
Search vendor "Apache"
 Solr
Search vendor "Apache" for product "Solr"
 8.8.1
Search vendor "Apache" for product "Solr" and version "8.8.1"
-
Affected
Apache
Search vendor "Apache"
 Solr
Search vendor "Apache" for product "Solr"
 8.9
Search vendor "Apache" for product "Solr" and version "8.9"
-
Affected
Apache
Search vendor "Apache"
 Tika
Search vendor "Apache" for product "Tika"
 1.25
Search vendor "Apache" for product "Tika" and version "1.25"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 9.0
Search vendor "Debian" for product "Debian Linux" and version "9.0"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 35
Search vendor "Fedoraproject" for product "Fedora" and version "35"
-
Affected
Oracle
Search vendor "Oracle"
 Communications Messaging Server
Search vendor "Oracle" for product "Communications Messaging Server"
 8.1
Search vendor "Oracle" for product "Communications Messaging Server" and version "8.1"
-
Affected