CVE-2015-1833 Information
Description
XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request.
Reference
http://mail-archives.apache.org/mod_mbox/jackrabbit-announce/201505.mbox/3C555DA644.808090840greenbytes.de3E
http://packetstormsecurity.com/files/132005/Jackrabbit-WebDAV-XXE-Injection.html
http://www.apache.org/dist/jackrabbit/2.10.1/RELEASE-NOTES.txt
http://www.debian.org/security/2015/dsa-3298
http://www.securityfocus.com/archive/1/535582/100/0/threaded
http://www.securityfocus.com/bid/74761
https://issues.apache.org/jira/browse/JCR-3883
https://www.exploit-db.com/exploits/37110/