Xxe

2015-05-2915:59:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.018 Low

EPSS

Percentile

88.0%

JSON

XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request.

CPENameOperatorVersion
jackrabbiteq2.2.13
jackrabbiteq2.2.10
jackrabbiteq2.4.3
jackrabbiteq2.2.9
jackrabbitle2.0.5
jackrabbiteq2.6.5
jackrabbiteq2.2.5
jackrabbiteq2.2.8
jackrabbiteq2.4.1
jackrabbiteq2.8.0

Name	Operator	Version
jackrabbit	eq	2.2.13
jackrabbit	eq	2.2.10
jackrabbit	eq	2.4.3
jackrabbit	eq	2.2.9
jackrabbit	le	2.0.5
jackrabbit	eq	2.6.5
jackrabbit	eq	2.2.5
jackrabbit	eq	2.2.8
jackrabbit	eq	2.4.1
jackrabbit	eq	2.8.0