ID CVE-2017-2815
Summary An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web request can cause the retrieval of arbitrary files or denial of service. An authenticated attacker can send a crafted web request to trigger this vulnerability.
References
Vulnerable Configurations
  • cpe:2.3:a:igniterealtime:user_import_export:2.6.0:-:-:-:-:openfire
    cpe:2.3:a:igniterealtime:user_import_export:2.6.0:-:-:-:-:openfire
CVSS
Base: 5.5
Impact:
Exploitability:
CWE CWE-611
CAPEC
refmap via4
misc https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0316
talos via4
id TALOS-2017-0316
last seen 2018-08-31
published 2017-07-19
reporter Talos Intelligence
source http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0316
title Open Fire User Import Export Plugin XML External Entity Injection
Last major update 15-05-2018 - 13:29
Published 15-05-2018 - 13:29
Last modified 19-06-2018 - 09:35
Back to Top