Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2015-1833

Опубликовано: 29 мая 2015
Источник: nvd
CVSS2: 6.4
EPSS Средний

Описание

XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:jackrabbit:*:*:*:*:*:*:*:*
Версия до 2.0.5 (включая)
cpe:2.3:a:apache:jackrabbit:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:jackrabbit:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:jackrabbit:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:jackrabbit:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:jackrabbit:2.2.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:jackrabbit:2.2.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:jackrabbit:2.2.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:jackrabbit:2.2.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:jackrabbit:2.2.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:jackrabbit:2.2.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:jackrabbit:2.2.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:jackrabbit:2.2.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:jackrabbit:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:jackrabbit:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:jackrabbit:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:jackrabbit:2.4.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:jackrabbit:2.4.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:jackrabbit:2.4.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:jackrabbit:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:jackrabbit:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:jackrabbit:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:jackrabbit:2.6.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:jackrabbit:2.6.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:jackrabbit:2.6.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:jackrabbit:2.8.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:jackrabbit:2.10.0:*:*:*:*:*:*:*

EPSS

Процентиль: 97%
0.30217
Средний

6.4 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

ubuntu логотип

CVE-2015-1833

ubuntu
больше 10 лет назад

XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request.

redhat логотип

CVE-2015-1833

redhat
больше 10 лет назад

XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request.

debian логотип

CVE-2015-1833

debian
больше 10 лет назад

XML external entity (XXE) vulnerability in Apache Jackrabbit before 2. ...

github логотип

GHSA-9284-j4c9-779q

github
больше 3 лет назад

Improper Input Validation in Apache Jackrabbit

EPSS

Процентиль: 97%
0.30217
Средний

6.4 Medium

CVSS2

Дефекты

CWE-20