Описание
XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 2.10.1-1 |
| esm-infra-legacy/trusty | released | 2.3.6-1+deb8u1build0.14.04.1 |
| precise | DNE | |
| trusty | released | 2.3.6-1+deb8u1build0.14.04.1 |
| trusty/esm | released | 2.3.6-1+deb8u1build0.14.04.1 |
| upstream | released | 2.10.1, 2.8.1, 2.6.6, 2.4.6, 2.2.14, 2.0.6 |
| utopic | released | 2.3.6-1+deb8u1build0.14.10.1 |
| vivid | released | 2.3.6-1+deb8u1build0.15.04.1 |
Показывать по
EPSS
6.4 Medium
CVSS2
Связанные уязвимости
XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request.
XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request.
XML external entity (XXE) vulnerability in Apache Jackrabbit before 2. ...
EPSS
6.4 Medium
CVSS2