CVE-2017-7465: It was found that the JAXP implementation used in JBoss EAP 7.0 for XSLT processing is vulnerable to code injection. An
Summary
CVE-2017-7465 is a code injection vulnerability in the XSLT processing of JBoss EAP 7.0 (XSLT is a language for transforming XML documents). An attacker who can supply XSLT content for the system to process could execute arbitrary code (run commands they should not be able to run) on the affected server.
Solution / Mitigation
Set the FEATURE_SECURE_PROCESSING feature to 'true' in the javax.xml.transform.TransformerFactory (the component that processes XSLT transformations) to mitigate this vulnerability.
Vulnerability Details
CVSS Score
7.5
EPSS (30-day exploit probability)
EPSS: 3.5%
Classification
Attack Sophistication: Moderate
Original source: https://nvd.nist.gov/vuln/detail/CVE-2017-7465
First tracked: February 15, 2026 at 08:43 PM
Classified by LLM (prompt v3) · confidence: 95%