Lucene search
K

4 matches found

OpenVAS
OpenVAS
added 2013/07/09 12:0 a.m.82 views

Atlassian Crowd Xml eXternal Entity (XXE) Injection Vulnerability

This host is running Atlassian Crowd and is prone to xml external entity injection vulnerability. OpenVAS Vulnerability Test $Id: gbatlassiancrowdxxeinjvuln.nasl 5842 2017-04-03 13:15:19Z cfi $ Atlassian Crowd Xml eXternal Entity XXE Injection Vulnerability Authors: Thanga Prakash S Copyright:...

5.8CVSS0.2AI score0.01758EPSS
Exploits1References2
CVE
CVE
added 2013/07/01 9:0 p.m.67 views

CVE-2013-3925

CVE-2013-3925 affects Atlassian Crowd prior to version 2.5.4, 2.6.x prior to 2.6.3, as well as 2.3.8 and 2.4.9. The flaw is an XML External Entity (XXE) vulnerability that enables remote attackers to read arbitrary files and cause requests to intranet servers by crafting a request to /services/2 ...

5.8CVSS8.9AI score0.01758EPSS
Exploits1References2Affected Software1
Atlassian
Atlassian
added 2013/06/18 10:44 p.m.36 views

Parsing of external XML entities can be exploited to retrieve files or make HTTP requests on the target network

h3. Description This issue has been assigned CVE-2013-3925 by Mitre Corporation. Previously reported issue CVE-2012-2926 August 2012, CVSS score 6.4 was patched by introducing a new XFire servlet component into Crowd. The new component disables external entity resolution during XML parsing. The n...

5.8CVSS0.1AI score0.01758EPSS
Exploits1
Atlassian
Atlassian
added 2013/06/18 10:44 p.m.85 views

Parsing of external XML entities can be exploited to retrieve files or make HTTP requests on the target network

h3. Description This issue has been assigned CVE-2013-3925 by Mitre Corporation. Previously reported issue CVE-2012-2926 August 2012, CVSS score 6.4 was patched by introducing a new XFire servlet component into Crowd. The new component disables external entity resolution during XML parsing. The n...

9.1CVSS0.1AI score0.66578EPSS
Exploits4Affected Software1
Rows per page
Query Builder