exploitDog

CVE-2017-2815

Опубликовано: 15 мая 2018

Источник: nvd

CVSS3: 8.1

CVSS2: 5.5

EPSS Низкий

Описание

An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web request can cause the retrieval of arbitrary files or denial of service. An authenticated attacker can send a crafted web request to trigger this vulnerability.

Ссылки

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0316
Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0316
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:igniterealtime:user_import_export:2.6.0:*:*:*:*:openfire:*:*

EPSS

Процентиль: 56%

0.00333

Низкий

8.1 High

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-611

Связанные уязвимости

GHSA-7pm8-vqv8-7v4x

CVSS3: 8.1

github

больше 3 лет назад

An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web request can cause the retrieval of arbitrary files or denial of service. An authenticated attacker can send a crafted web request to trigger this vulnerability.

EPSS

Процентиль: 56%

0.00333

Низкий

8.1 High

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-611