Описание
XML External Entity (XXE) vulnerability in JobScheduler before 1.6.4246 and 7.x before 1.7.4241 allows remote attackers to cause a denial of service and read arbitrary files or directories via a request containing an XML external entity declaration in conjunction with an entity reference.
XML External Entity (XXE) vulnerability in JobScheduler before 1.6.4246 and 7.x before 1.7.4241 allows remote attackers to cause a denial of service and read arbitrary files or directories via a request containing an XML external entity declaration in conjunction with an entity reference.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2014-5392
- https://change.sos-berlin.com/browse/JS-1204
- http://packetstormsecurity.com/files/128181/JobScheduler-XML-eXternal-Entity-Injection.html
- http://www.christian-schneider.net/advisories/CVE-2014-5392.txt
- http://www.securityfocus.com/archive/1/533374/100/0/threaded
- http://www.sos-berlin.com/modules/news/article.php?storyid=73
EPSS
CVE ID
Связанные уязвимости
XML External Entity (XXE) vulnerability in JobScheduler before 1.6.4246 and 7.x before 1.7.4241 allows remote attackers to cause a denial of service and read arbitrary files or directories via a request containing an XML external entity declaration in conjunction with an entity reference.
EPSS