1. CVE-Search
  2. CVE-2015-1809
ID CVE-2015-1809
Summary XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query.
References
Vulnerable Configurations
  • cpe:2.3:a:jenkins:cloudbees:*:*:*:*:lts:jenkins:*:*
    cpe:2.3:a:jenkins:cloudbees:*:*:*:*:lts:jenkins:*:*
  • cpe:2.3:a:jenkins:cloudbees:1.596.1:*:*:*:lts:jenkins:*:*
    cpe:2.3:a:jenkins:cloudbees:1.596.1:*:*:*:lts:jenkins:*:*
CVSS
Base: 5.0 (as of 24-01-2020 - 14:19)
Impact:
Exploitability:
CWE CWE-611
CAPEC
  • XML External Entities Blowup
    This attack takes advantage of the entity replacement property of XML where the value of the replacement is a URI. A well-crafted XML document could have the entity refer to a URI that consumes a large amount of resources to create a denial of service condition. This can cause the system to either freeze, crash, or execute arbitrary code depending on the URI.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
redhat via4
rpms
  • jenkins-0:1.609.1-1.el6op
  • openshift-origin-broker-0:1.16.2.10-1.el6op
  • openshift-origin-broker-util-0:1.36.2.2-1.el6op
  • openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op
  • openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op
  • openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op
  • openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op
  • openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op
  • openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op
  • openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op
  • openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op
  • openshift-origin-cartridge-php-0:1.34.1.1-1.el6op
  • openshift-origin-cartridge-python-0:1.33.3.1-1.el6op
  • openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op
  • openshift-origin-logshifter-0:1.10.1.2-1.el6op
  • openshift-origin-node-util-0:1.37.2.1-1.el6op
  • rhc-0:1.37.1.2-1.el6op
  • rubygem-openshift-origin-console-0:1.35.2.1-1.el6op
  • rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op
  • rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op
  • rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op
  • rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op
  • rubygem-openshift-origin-node-0:1.37.1.1-1.el6op
  • rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op
refmap via4
misc
Last major update 24-01-2020 - 14:19
Published 15-01-2020 - 19:15
Last modified 24-01-2020 - 14:19
Back to Top