CVE-2015-1833
Description
XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request.
Risk Information
Base Score
8.6
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C
EPSS Score
Exploitation Probability
36.365
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2015-1833 are fixed in Apache-jackrabbit-core 2.0.6 | Windows |
| Vulnerabilities CVE-2015-1833 are fixed in Apache-jackrabbit-core 2.2.14 | Windows |
| Vulnerabilities CVE-2015-1833 are fixed in Apache-jackrabbit-core 2.4.6 | Windows |
| Vulnerabilities CVE-2015-1833 are fixed in Apache-jackrabbit-core 2.6.6 | Windows |
| Vulnerabilities CVE-2015-1833 are fixed in Apache-jackrabbit-core 2.8.1 | Windows |
| Vulnerabilities CVE-2015-1833 are fixed in Apache-jackrabbit-core 2.10.1 | Windows |
| Vulnerabilities CVE-2015-1833 are fixed in Apache-jackrabbit-core for Linux 2.0.6 | Linux |
| Vulnerabilities CVE-2015-1833 are fixed in Apache-jackrabbit-core for Linux 2.2.14 | Linux |
| Vulnerabilities CVE-2015-1833 are fixed in Apache-jackrabbit-core for Linux 2.4.6 | Linux |
| Vulnerabilities CVE-2015-1833 are fixed in Apache-jackrabbit-core for Linux 2.6.6 | Linux |
| Vulnerabilities CVE-2015-1833 are fixed in Apache-jackrabbit-core for Linux 2.8.1 | Linux |
| Vulnerabilities CVE-2015-1833 are fixed in Apache-jackrabbit-core for Linux 2.10.1 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234