CVE-2014-3005

Sažetak

XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134885.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134909.html
http://seclists.org/fulldisclosure/2014/Jun/87
http://www.securityfocus.com/bid/68075
https://bugzilla.redhat.com/show_bug.cgi?id=1110496
https://support.zabbix.com/browse/ZBX-8151
https://web.archive.org/web/20140622034155/http://www.pnigos.com:80/?p=273

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

21-02-2018 - 14:57

Objavljeno

01-02-2018 - 17:29