77 matches found
PT-2023-6522
Name of the Vulnerable Software and Affected Versions WireMock versions prior to 2.35.1 WireMock versions prior to 3.0.3 Python WireMock versions prior to 2.6.1 WireMock Studio all versions Description The issue is related to the proxy mode of WireMock, which can be protected by network...
Directory Traversal Through XML External Entity (XXE)
wiremock is vulnerable to directory traversal through XML External Entity XXE attacks. The application does not disable DTD during XPATH Evaluation, allowing a malicious user to traverse the directory...
Denial Of Service (DoS) Through XML External Entity (XXE) Injection
wiremock is vulnerable to Denial of Service DoS attacks. The application does not disable the downloading of DTDs during XML parsing, allowing a malicious user to inject external entities to consume resources...
CVE-2018-9117
WireMock before 2.16.0 contains a vulnerability that allows a remote unauthenticated attacker to access local files beyond the application directory via a specially crafted XML request, aka Directory Traversal...
Directory traversal
WireMock before 2.16.0 contains a vulnerability that allows a remote unauthenticated attacker to access local files beyond the application directory via a specially crafted XML request, aka Directory Traversal...
CVE-2018-9117
WireMock before 2.16.0 contains a vulnerability that allows a remote unauthenticated attacker to access local files beyond the application directory via a specially crafted XML request, aka Directory Traversal...
CVE-2018-9117
WireMock before 2.16.0 contains a vulnerability that allows a remote unauthenticated attacker to access local files beyond the application directory via a specially crafted XML request, aka Directory Traversal...
CVE-2018-9116
An XXE vulnerability within WireMock before 2.16.0 allows a remote unauthenticated attacker to access local files and internal resources and potentially cause a Denial of Service...
CVE-2018-9116
An XXE vulnerability within WireMock before 2.16.0 allows a remote unauthenticated attacker to access local files and internal resources and potentially cause a Denial of Service...
CVE-2018-9116
An XXE vulnerability within WireMock before 2.16.0 allows a remote unauthenticated attacker to access local files and internal resources and potentially cause a Denial of Service...
Xxe
An XXE vulnerability within WireMock before 2.16.0 allows a remote unauthenticated attacker to access local files and internal resources and potentially cause a Denial of Service...
CVE-2018-9117
CVE-2018-9117 affects WireMock before 2.16.0, where a remote unauthenticated attacker can access local files outside the application directory by sending a specially crafted XML request, i.e., a Directory Traversal. Root cause described as an XML-based traversal vulnerability; several connected s...
CVE-2018-9117
WireMock before 2.16.0 contains a vulnerability that allows a remote unauthenticated attacker to access local files beyond the application directory via a specially crafted XML request, aka Directory Traversal...
CVE-2018-9116
CVE-2018-9116 is an XXE vulnerability in WireMock prior to 2.16.0. A remote unauthenticated attacker can access local files and internal resources and may cause a Denial of Service by abusing XML External Entity processing. Affected product: WireMock (versions before 2.16.0). Root cause: XML pars...
CVE-2018-9116
An XXE vulnerability within WireMock before 2.16.0 allows a remote unauthenticated attacker to access local files and internal resources and potentially cause a Denial of Service...
WireMock Directory Traversal Vulnerability
WireMock is an open source HTTP-based API simulator . A security vulnerability exists in WireMock versions prior to 2.16.0. A remote attacker could exploit the vulnerability by sending specially crafted XML requests to access local files outside of the application directory...
WireMock XML External Entity Injection Vulnerability
WireMock is an open source HTTP-based API simulator . An XML external entity vulnerability exists in WireMock versions prior to 2.16.0. A remote attacker could exploit this vulnerability to access local files and internal resources and potentially cause a denial of service...