11 matches found
com.composum.sling.core:composum-sling-core-commons (>=1.3.1 <=1.12.4), com.composum.sling.core:composum-sling-core-console (>=1.6.0 <=1.12.4) +15 more potentially affected by CVE-2015-1833 via org.apache.jackrabbit:jackrabbit-core (>=2.6.0 <=2.6.5)
org.apache.jackrabbit:jackrabbit-core MAVEN version =2.6.0, =1.3.1, =1.6.0, =1.4.0, =2.4.30, =2.4.30, =1.4-M4, =1.4-M4, =2.6.0, =2.6.0, =2.6.0, =1.3.0-beta3, =1.0.0, =1.2.0, =1.3.0-beta2 and more Source cves: CVE-2015-1833 Source advisory: OSV:GHSA-9284-J4C9-779Q...
io.inkstand:inkstand-jcr-jackrabbit (>=0.1.1 <=0.1.3), io.inkstand:scribble (>=0.1.0 <=0.2.0-alpha3) +23 more potentially affected by CVE-2015-1833 via org.apache.jackrabbit:jackrabbit-core (=2.8.0)
org.apache.jackrabbit:jackrabbit-core MAVEN version =2.8.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.jackrabbit:jackrabbit-core and may be impacted: - io.inkstand:inkstand-jcr-jackrabbit =0.1.1, =0.1.0, =0.3.0, =0.3.0, =0.4.0, =0.4.0,...
Mageia: Security Advisory (MGASA-2015-0242)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2015-0242 Updated jackrabbit packages fix CVE-2015-1833
Updated jackrabbit packages fix security vulnerability: In Apache Jackrabbit before 2.4.6, When processing a WebDAV request body containing XML, the XML parser can be instructed to read content from network resources accessible to the host, identified by URI schemes such as "https" or "file"...
CVE-2015-1833 (Jackrabbit WebDAV XXE vulnerability)
Dear readers, we just fixed a recently reported vulnerability in Apache Jackrabbit's WebDAV module; see - the attached CVE report - patches for all currently maintained Jackrabbit branches We just released Jackrabbit 2.10.1 see below and we'll get to the other branches shortly. Check the CVE for...
CVE-2015-1833
XML external entity XXE vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request...
CVE-2015-1833
XML external entity XXE vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request...
CVE-2015-1833
XML external entity XXE vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request...
CVE-2015-1833
The CVE-2015-1833 issue is an XXE vulnerability in Apache Jackrabbit’s WebDAV handling where the XML parser can be coerced to read local/network resources. Affected versions include Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10....
CVE-2015-1833
XML external entity XXE vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request...
Apache Jackrabbit WebDAV XXE Exploit
Exploit for java platform in category web applications !/usr/bin/env python """ Exploit Title: Jackrabbit WebDAV XXE Date: 25-05-2015 Software Link: http://jackrabbit.apache.org/jcr/ Exploit Author: Mikhail Egorov Contact: 0ang3el gmail com Website: http://0ang3el.blogspot.com CVE: CVE-2015-1833...