{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-05-21T00:00:00", "descriptions": [{"lang": "en", "value": "XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "DSA-3298", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3298"}, {"name": "74761", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/74761"}, {"name": "37110", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/37110/"}, {"name": "[jackrabbit-announce] 20150521 CVE-2015-1833 (Jackrabbit WebDAV XXE vulnerability)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://mail-archives.apache.org/mod_mbox/jackrabbit-announce/201505.mbox/%3C555DA644.8080908%40greenbytes.de%3E"}, {"name": "20150521 CVE-2015-1833 (Jackrabbit WebDAV XXE vulnerability)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/535582/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.apache.org/dist/jackrabbit/2.10.1/RELEASE-NOTES.txt"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.apache.org/jira/browse/JCR-3883"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/132005/Jackrabbit-WebDAV-XXE-Injection.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-1833", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-3298", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3298"}, {"name": "74761", "refsource": "BID", "url": "http://www.securityfocus.com/bid/74761"}, {"name": "37110", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/37110/"}, {"name": "[jackrabbit-announce] 20150521 CVE-2015-1833 (Jackrabbit WebDAV XXE vulnerability)", "refsource": "MLIST", "url": "http://mail-archives.apache.org/mod_mbox/jackrabbit-announce/201505.mbox/%3C555DA644.8080908%40greenbytes.de%3E"}, {"name": "20150521 CVE-2015-1833 (Jackrabbit WebDAV XXE vulnerability)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/535582/100/0/threaded"}, {"name": "http://www.apache.org/dist/jackrabbit/2.10.1/RELEASE-NOTES.txt", "refsource": "CONFIRM", "url": "http://www.apache.org/dist/jackrabbit/2.10.1/RELEASE-NOTES.txt"}, {"name": "https://issues.apache.org/jira/browse/JCR-3883", "refsource": "CONFIRM", "url": "https://issues.apache.org/jira/browse/JCR-3883"}, {"name": "http://packetstormsecurity.com/files/132005/Jackrabbit-WebDAV-XXE-Injection.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/132005/Jackrabbit-WebDAV-XXE-Injection.html"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-1833", "datePublished": "2015-05-29T15:00:00", "dateReserved": "2015-02-17T00:00:00", "dateUpdated": "2018-10-09T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:jackrabbit:*:*:*:*:*:*:*:*", "matchCriteriaId": "BCA488EB-6AEF-4C3B-B9EC-0269E4C16B8F", "versionEndIncluding": "2.0.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:jackrabbit:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE38C192-C0E9-4F30-A4F2-9D4645F76502", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:jackrabbit:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "82E60C57-AC1E-41DC-9B19-7AC1166DC8DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:jackrabbit:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "AECF5291-3FDC-431D-9315-F594AD312B9C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:jackrabbit:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "DD5A9474-5FBC-43CF-824A-F5854FC765BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:jackrabbit:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "34E6CC63-EA31-4E7E-ABA8-7EB135C95EBD", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:jackrabbit:2.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "F7CB306C-90E2-479A-88F4-8A7BE952FC86", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:jackrabbit:2.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "428DB1B1-8640-4A3D-8582-940B91B75B4D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:jackrabbit:2.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "1A7E3CB1-A333-43F8-B5F8-B39844D0FD3E", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:jackrabbit:2.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "BFAFC7B2-8421-4E21-9EC1-11FF17456C5B", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:jackrabbit:2.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "1B7161CD-E03A-4A2C-9048-3765D82DF35E", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:jackrabbit:2.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "5695D7A0-35D6-4780-8D07-67FD6270057F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:jackrabbit:2.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "AAC1D0EF-7B96-4DB3-9925-0F872AF092EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:jackrabbit:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "765A2672-88CB-40B6-811A-9F4FB503B9A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:jackrabbit:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "AA4CC344-B6B9-48A9-8464-73486964F484", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:jackrabbit:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "E361D843-4697-4478-BE2B-4C4E07DC420D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:jackrabbit:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "16B89FBF-D0D6-4126-9DBB-80E8DFE630EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:jackrabbit:2.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "B190B1F0-4EAD-48EE-A894-B776537A2ECA", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:jackrabbit:2.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "93B767E2-4E1E-4AF6-BF65-C07769DE88C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:jackrabbit:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1C9DD4F-690E-4627-8C20-4931E5039D95", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:jackrabbit:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "ACED7AF6-383C-4038-9823-BD5F2F054011", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:jackrabbit:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "A7CFAABB-1E6D-40A4-AE3E-A36A8627CE7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:jackrabbit:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "F83F02AC-0A32-4949-9EF8-2D3BC3272B08", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:jackrabbit:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "21C97A68-5B82-4830-80A9-33052E73A9A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:jackrabbit:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "D11B4EE2-94EB-4CF3-9E4C-5F0BF86080E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:jackrabbit:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "FDD80948-AE24-4CA7-97C0-8017E5504A70", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:jackrabbit:2.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "09FE0F9B-6342-4C92-9EC5-561AAAC2034A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request."}, {"lang": "es", "value": "Vulnerabilidad de entidad externa XML (XXE) en Apache Jackrabbit anterior a 2.0.6, 2.2.x anterior a 2.2.14, 2.4.x anterior a 2.4.6, 2.6.x anterior a 2.6.6, 2.8.x anterior a 2.8.1, y 2.10.x anterior a 2.10.1 permite a atacantes remotos leer ficheros arbitrarios y enviar solicitudes a servicios de intranet a trav\u00e9s de una solicitud WebDAV manipulada."}], "id": "CVE-2015-1833", "lastModified": "2018-10-09T19:56:00.077", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-05-29T15:59:13.063", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://mail-archives.apache.org/mod_mbox/jackrabbit-announce/201505.mbox/%3C555DA644.8080908%40greenbytes.de%3E"}, {"source": "secalert@redhat.com", "url": "http://packetstormsecurity.com/files/132005/Jackrabbit-WebDAV-XXE-Injection.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.apache.org/dist/jackrabbit/2.10.1/RELEASE-NOTES.txt"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2015/dsa-3298"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/535582/100/0/threaded"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/74761"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://issues.apache.org/jira/browse/JCR-3883"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "https://www.exploit-db.com/exploits/37110/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}