Описание
The Netconf (TCP) service in OpenDaylight 1.0 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference in an XML-RPC message, related to an XML External Entity (XXE) issue.
The Netconf (TCP) service in OpenDaylight 1.0 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference in an XML-RPC message, related to an XML External Entity (XXE) issue.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2014-5035
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95254
- http://packetstormsecurity.com/files/127843/Opendaylight-1.0-Local-File-Inclusion-Remote-File-Inclusion.html
- http://seclists.org/fulldisclosure/2014/Aug/34
- http://www.securityfocus.com/archive/1/533114/100/0/threaded
EPSS
Процентиль: 73%
0.00777
Низкий
CVE ID
Связанные уязвимости
nvd
больше 11 лет назад
The Netconf (TCP) service in OpenDaylight 1.0 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference in an XML-RPC message, related to an XML External Entity (XXE) issue.
EPSS
Процентиль: 73%
0.00777
Низкий