CVE-2015-1833

NONECVSS 0.0

0.0

XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request.

🔗 References (16)

secalert@redhathttp://mail-archives.apache.org/mod_mbox/jackrabbit-announce/201505.mbox/%3C555DA644.8080908%40greenbytes.de%3E
secalert@redhathttp://packetstormsecurity.com/files/132005/Jackrabbit-WebDAV-XXE-Injection.html
secalert@redhathttp://www.apache.org/dist/jackrabbit/2.10.1/RELEASE-NOTES.txt
secalert@redhathttp://www.debian.org/security/2015/dsa-3298
secalert@redhathttp://www.securityfocus.com/archive/1/535582/100/0/threaded
secalert@redhathttp://www.securityfocus.com/bid/74761
secalert@redhathttps://issues.apache.org/jira/browse/JCR-3883
secalert@redhathttps://www.exploit-db.com/exploits/37110/
af854a3a-2127-422b-91ae-364da2661108http://mail-archives.apache.org/mod_mbox/jackrabbit-announce/201505.mbox/%3C555DA644.8080908%40greenbytes.de%3E
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/132005/Jackrabbit-WebDAV-XXE-Injection.html
af854a3a-2127-422b-91ae-364da2661108http://www.apache.org/dist/jackrabbit/2.10.1/RELEASE-NOTES.txt
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2015/dsa-3298
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/535582/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/74761
af854a3a-2127-422b-91ae-364da2661108https://issues.apache.org/jira/browse/JCR-3883

Is Your Infrastructure Affected by CVE-2015-1833?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2015-1833

📅 Published

🔄 Last Modified

🔗 References (16)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2015-1833?