CVE-2017-15708
critical
CVSS v3
9.8
CVSS v4
-
VIR risk
9.8
Description
Remote Code Execution in Apache Synapse
Predictions
Exploit likelihood
97%
Patch ETA
-
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.apache.synapse:synapse-core | <3.0.1 | 3.0.1 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| apache | synapse | 1.0 | |
| apache | synapse | 1.1 | |
| apache | synapse | 1.1.1 | |
| apache | synapse | 1.1.2 | |
| apache | synapse | 1.2 | |
| apache | synapse | 2.0.0 | |
| apache | synapse | 2.1.0 | |
| apache | synapse | 3.0.0 | |
| oracle | financial_services_market_risk_measurement_and_management | 8.0.6 | |
| oracle | financial_services_market_risk_measurement_and_management | 8.0.8 | |
| oracle | peoplesoft_enterprise_peopletools | 8.56 | |
| oracle | peoplesoft_enterprise_peopletools | 8.57 | |
References
- http://www.securityfocus.com/bid/102154
- https://lists.apache.org/thread.html/77f2accf240d25d91b47033e2f8ebec84ffbc6e6627112b2f98b66c9%40%3Cdev.synapse.apache.org%3E
- https://lists.apache.org/thread.html/r0fb289cd38c915b9a13a3376134f96222dd9100f1ef66b41631865c6%40%3Ccommits.doris.apache.org%3E
- https://security.gentoo.org/glsa/202107-37
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://nvd.nist.gov/vuln/detail/CVE-2017-15708
CWEs
CWE-74