XXE Attack Vulnerability in Apereo Bedework WebDAV Interface
CVE-2018-20000
7.5 HIGH
What is CVE-2018-20000?
The Apereo Bedework WebDAV interface prior to version 4.0.3 is vulnerable to XML External Entity (XXE) attacks. An attacker can exploit this vulnerability to read local files from the server through a specially crafted invite-reply document. The issue is linked to the webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java components. Administrators should update to the latest version to mitigate this risk.
