XML External Entity Vulnerability in Apache Jackrabbit Products
CVE-2015-1833

Currently unrated

Key Information:

Vendor

Apache
Status
Jackrabbit
Vendor
CVE Published:
29 May 2015

Badges

πŸ‘Ύ Exploit Exists🟑 Public PoC🟣 EPSS 43%

What is CVE-2015-1833?

The XML External Entity (XXE) vulnerability in Apache Jackrabbit versions prior to 2.0.6, 2.2.14, 2.4.6, 2.6.6, 2.8.1, and 2.10.1 allows remote attackers to exploit crafted WebDAV requests. This could lead to unauthorized access to sensitive files on the server and potentially allow attackers to make requests to internal services, resulting in information leakage and a potential breach of internal network security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2015-1833 - Proof of Concept

References

http://www.debian.org/security/2015/dsa-3298
vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/74761
vdb-entryx_refsource_BID
https://www.exploit-db.com/exploits/37110/
exploitx_refsource_EXPLOIT-DB

EPSS Score

43% chance of being exploited in the next 30 days.

Timeline

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.