CVE-2015-1833
Published May 29, 2015
Last updated 6 years ago
Overview
- Description
- XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request.
- Source
- secalert@redhat.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.4
- Impact score
- 4.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-20
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:jackrabbit:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BCA488EB-6AEF-4C3B-B9EC-0269E4C16B8F",
"versionEndIncluding": "2.0.5"
},
{
"criteria": "cpe:2.3:a:apache:jackrabbit:2.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EE38C192-C0E9-4F30-A4F2-9D4645F76502"
},
{
"criteria": "cpe:2.3:a:apache:jackrabbit:2.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "82E60C57-AC1E-41DC-9B19-7AC1166DC8DB"
},
{
"criteria": "cpe:2.3:a:apache:jackrabbit:2.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AECF5291-3FDC-431D-9315-F594AD312B9C"
},
{
"criteria": "cpe:2.3:a:apache:jackrabbit:2.2.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DD5A9474-5FBC-43CF-824A-F5854FC765BD"
},
{
"criteria": "cpe:2.3:a:apache:jackrabbit:2.2.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "34E6CC63-EA31-4E7E-ABA8-7EB135C95EBD"
},
{
"criteria": "cpe:2.3:a:apache:jackrabbit:2.2.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F7CB306C-90E2-479A-88F4-8A7BE952FC86"
},
{
"criteria": "cpe:2.3:a:apache:jackrabbit:2.2.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "428DB1B1-8640-4A3D-8582-940B91B75B4D"
},
{
"criteria": "cpe:2.3:a:apache:jackrabbit:2.2.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1A7E3CB1-A333-43F8-B5F8-B39844D0FD3E"
},
{
"criteria": "cpe:2.3:a:apache:jackrabbit:2.2.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BFAFC7B2-8421-4E21-9EC1-11FF17456C5B"
},
{
"criteria": "cpe:2.3:a:apache:jackrabbit:2.2.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1B7161CD-E03A-4A2C-9048-3765D82DF35E"
},
{
"criteria": "cpe:2.3:a:apache:jackrabbit:2.2.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5695D7A0-35D6-4780-8D07-67FD6270057F"
},
{
"criteria": "cpe:2.3:a:apache:jackrabbit:2.2.13:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AAC1D0EF-7B96-4DB3-9925-0F872AF092EA"
},
{
"criteria": "cpe:2.3:a:apache:jackrabbit:2.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "765A2672-88CB-40B6-811A-9F4FB503B9A5"
},
{
"criteria": "cpe:2.3:a:apache:jackrabbit:2.4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AA4CC344-B6B9-48A9-8464-73486964F484"
},
{
"criteria": "cpe:2.3:a:apache:jackrabbit:2.4.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E361D843-4697-4478-BE2B-4C4E07DC420D"
},
{
"criteria": "cpe:2.3:a:apache:jackrabbit:2.4.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "16B89FBF-D0D6-4126-9DBB-80E8DFE630EA"
},
{
"criteria": "cpe:2.3:a:apache:jackrabbit:2.4.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B190B1F0-4EAD-48EE-A894-B776537A2ECA"
},
{
"criteria": "cpe:2.3:a:apache:jackrabbit:2.4.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "93B767E2-4E1E-4AF6-BF65-C07769DE88C6"
},
{
"criteria": "cpe:2.3:a:apache:jackrabbit:2.6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C1C9DD4F-690E-4627-8C20-4931E5039D95"
},
{
"criteria": "cpe:2.3:a:apache:jackrabbit:2.6.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ACED7AF6-383C-4038-9823-BD5F2F054011"
},
{
"criteria": "cpe:2.3:a:apache:jackrabbit:2.6.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A7CFAABB-1E6D-40A4-AE3E-A36A8627CE7A"
},
{
"criteria": "cpe:2.3:a:apache:jackrabbit:2.6.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F83F02AC-0A32-4949-9EF8-2D3BC3272B08"
},
{
"criteria": "cpe:2.3:a:apache:jackrabbit:2.6.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "21C97A68-5B82-4830-80A9-33052E73A9A6"
},
{
"criteria": "cpe:2.3:a:apache:jackrabbit:2.6.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D11B4EE2-94EB-4CF3-9E4C-5F0BF86080E4"
},
{
"criteria": "cpe:2.3:a:apache:jackrabbit:2.8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FDD80948-AE24-4CA7-97C0-8017E5504A70"
},
{
"criteria": "cpe:2.3:a:apache:jackrabbit:2.10.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "09FE0F9B-6342-4C92-9EC5-561AAAC2034A"
}
],
"operator": "OR"
}
]
}
]