ID CVE-2017-2815
Summary An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web request can cause the retrieval of arbitrary files or denial of service. An authenticated attacker can send a crafted web request to trigger this vulnerability.
References
Vulnerable Configurations
CVSS
Base: None
Impact:
Exploitability:
refmap via4
misc https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0316
talos via4
id TALOS-2017-0316
last seen 2017-07-26
published 2017-07-19
reporter Talos Intelligence
source http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0316
title Open Fire User Import Export Plugin XML External Entity Injection
Last major update 15-05-2018 - 13:29
Published 15-05-2018 - 13:29
Last modified 15-05-2018 - 13:29
Back to Top