CVE-2015-1833

Currently unrated

Key Information:

Vendor: Apache
Status: Jackrabbit
Vendor: CVE Published:; 29 May 2015

Summary

XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request.

References

http://www.debian.org/security/2015/dsa-3298

vendor-advisoryx_refsource_DEBIAN

http://www.securityfocus.com/bid/74761

vdb-entryx_refsource_BID

https://www.exploit-db.com/exploits/37110/

exploitx_refsource_EXPLOIT-DB

Timeline

Vulnerability published
May 29, 2015
Vulnerability Reserved
Feb 17, 2015