Lucene search

PRIOn knowledge basePRION:CVE-2014-5392

HistorySep 23, 2014 - 3:55 p.m.

Xxe

2014-09-2315:55:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

0.005 Low

EPSS

Percentile

75.3%

JSON

XML External Entity (XXE) vulnerability in JobScheduler before 1.6.4246 and 7.x before 1.7.4241 allows remote attackers to cause a denial of service and read arbitrary files or directories via a request containing an XML external entity declaration in conjunction with an entity reference.

CPENameOperatorVersion
jobschedulereq1.6.4043
jobschedulereq1.7.4189
jobschedulereq1.6.4014
jobschedulereq1.7.4177
jobschedulerle1.6.4131

Name	Operator	Version
jobscheduler	eq	1.6.4043
jobscheduler	eq	1.7.4189
jobscheduler	eq	1.6.4014
jobscheduler	eq	1.7.4177
jobscheduler	le	1.6.4131

References

packetstormsecurity.com/files/128181/JobScheduler-XML-eXternal-Entity-Injection.html

www.christian-schneider.net/advisories/CVE-2014-5392.txt

www.securityfocus.com/archive/1/533374/100/0/threaded

www.sos-berlin.com/modules/news/article.php?storyid=73

change.sos-berlin.com/browse/JS-1204

7.3 High

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

0.005 Low

EPSS

Percentile

75.3%

JSON

Related for PRION:CVE-2014-5392