XML External Entity Vulnerability in Apache Jackrabbit Products
CVE-2015-1833

Currently unrated

Key Information:

Vendor: Apache
Status: Jackrabbit
Vendor: CVE Published:; 29 May 2015

Summary

The XML External Entity (XXE) vulnerability in Apache Jackrabbit versions prior to 2.0.6, 2.2.14, 2.4.6, 2.6.6, 2.8.1, and 2.10.1 allows remote attackers to exploit crafted WebDAV requests. This could lead to unauthorized access to sensitive files on the server and potentially allow attackers to make requests to internal services, resulting in information leakage and a potential breach of internal network security.

References

http://www.debian.org/security/2015/dsa-3298

vendor-advisoryx_refsource_DEBIAN

http://www.securityfocus.com/bid/74761

vdb-entryx_refsource_BID

https://www.exploit-db.com/exploits/37110/

exploitx_refsource_EXPLOIT-DB

EPSS Score

34% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 29, 2015
Vulnerability Reserved
Feb 17, 2015