Xxe

2018-12-2015:29:00

PRIOn knowledge base

www.prio-n.com

8.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.9%

JSON

FrostWire version <= frostwire-desktop-6.7.4-build-272 contains a XML External Entity (XXE) vulnerability in Man in the middle on update that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Man in the middle the call to update the software.

CPENameOperatorVersion
frostwireeq1.9.9 build246
frostwireeq1.9.9 build247
frostwireeq2.0.7 build263
frostwireeq6.1.6 build166
frostwireeq6.1.6 build167
frostwireeq6.1.7 build168
frostwireeq6.1.8 build169
frostwireeq6.1.9 build172
frostwireeq6.2.0 build173
frostwireeq6.2.0 build174

Name	Operator	Version
frostwire	eq	1.9.9 build246
frostwire	eq	1.9.9 build247
frostwire	eq	2.0.7 build263
frostwire	eq	6.1.6 build166
frostwire	eq	6.1.6 build167
frostwire	eq	6.1.7 build168
frostwire	eq	6.1.8 build169
frostwire	eq	6.1.9 build172
frostwire	eq	6.2.0 build173
frostwire	eq	6.2.0 build174