Critical severity9.8NVD Advisory· Published Jun 11, 2018· Updated Jun 17, 2026
CVE-2017-3208
CVE-2017-3208
Description
The Java implementation of AMF3 deserializers used by WebORB for Java by Midnight Coders, version 5.1.1.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messages. If the XML parsing is handled incorrectly it could potentially expose sensitive data on the server, denial of service, or server side request forgery.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: =5.1.1.0
Patches
Vulnerability mechanics
References
4- codewhitesec.blogspot.com/2017/04/amf.htmlnvdExploitThird Party Advisory
- www.securityfocus.com/bid/97384nvdThird Party AdvisoryVDB Entry
- www.securityweek.com/flaws-java-amf-libraries-allow-remote-code-executionnvdThird Party Advisory
- www.kb.cert.org/vuls/id/307983nvdThird Party AdvisoryUS Government Resource
News mentions
0No linked articles in our index yet.