CVE-2015-1833
Published: 29 May 2015
XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request.
Notes
Author | Note |
---|---|
sbeattie | package only contains webdav module; however, vuln affects webdav module |
Priority
Status
Package | Release | Status |
---|---|---|
jackrabbit Launchpad, Ubuntu, Debian |
wily |
Not vulnerable
(2.10.1-1)
|
upstream |
Released
(2.10.1, 2.8.1, 2.6.6, 2.4.6, 2.2.14, 2.0.6)
|
|
precise |
Does not exist
|
|
trusty |
Released
(2.3.6-1+deb8u1build0.14.04.1)
|
|
utopic |
Released
(2.3.6-1+deb8u1build0.14.10.1)
|
|
vivid |
Released
(2.3.6-1+deb8u1build0.15.04.1)
|