Описание
SabreDAV before 1.7.11, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
Комментарий
Per: http://cwe.mitre.org/data/definitions/611.html
"CWE-611: Improper Restriction of XML External Entity Reference ('XXE')"
Уязвимые конфигурации
Конфигурация 1Версия до 1.7.10 (включая)
Одно из
cpe:2.3:a:fruux:sabredav:*:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.6.3:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.6.4:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.6.5:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.6.6:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.6.7:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.6.8:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.6.9:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.6.10:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.7.2:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.7.3:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.7.4:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.7.5:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.7.6:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.7.7:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.7.8:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.7.9:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.8.3:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.8.4:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.8.5:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.8.6:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.8.7:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.8.9:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:6.0.1:*:*:*:*:*:*:*
Конфигурация 2Версия до 1.7.10 (включая)Версия до 5.0.14 (включая)
Одно из
cpe:2.3:a:fruux:sabredav:*:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.6.3:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.6.4:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.6.5:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.6.6:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.6.7:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.6.8:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.6.9:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.6.10:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.7.2:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.7.3:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.7.4:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.7.5:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.7.6:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.7.7:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.7.8:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.7.9:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.8.3:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.8.4:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.8.5:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.8.6:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.8.7:*:*:*:*:*:*:*
cpe:2.3:a:fruux:sabredav:1.8.9:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:*:a:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:5.0.7:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:5.0.8:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:5.0.9:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:5.0.10:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:5.0.11:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:5.0.12:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:5.0.13:*:*:*:*:*:*:*
cpe:2.3:a:owncloud:owncloud_server:5.0.14:*:*:*:*:*:*:*
EPSS
Процентиль: 67%
0.00537
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
ubuntu
больше 11 лет назад
SabreDAV before 1.7.11, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
debian
больше 11 лет назад
SabreDAV before 1.7.11, as used in ownCloud Server before 5.0.15 and 6 ...
EPSS
Процентиль: 67%
0.00537
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other