Miembros de
Boletines de Vulnerabilidades |
DSA-3298 jackrabbit - security update |
|
Información sobre el sistema |
|
| Software afectado | Debian |
Descripción |
|
|
It was discovered that the Jackrabbit WebDAV bundle was susceptible to aXXE/XEE attack. When processing a WebDAV request body containing XML,the XML parser could be instructed to read content from networkresources accessible to the host, identified by URI schemes such ashttp(s) or file. Depending on the WebDAV request, this could notonly be used to trigger internal network requests, but might also beused to insert said content into the request, potentially exposing it tothe attacker and others. More info: https://www.debian.org/security/2015/dsa-3298 |
|
Identificadores estándar |
|
| Propiedad | Valor |
| CVE | CVE-2015-1833 and DSA-3298. |
Histórico de versiones |
||
| Versión | Comentario | Fecha |
| 1.0 | Advisory issued | 2015-07-02 |