ID |
CVE-2015-1811 |
Summary |
XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document. |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 5.0 (as of 24-01-2020 - 14:18) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-611 |
CAPEC |
- XML External Entities Blowup
This attack takes advantage of the entity replacement property of XML where the value of the replacement is a URI. A well-crafted XML document could have the entity refer to a URI that consumes a large amount of resources to create a denial of service condition. This can cause the system to either freeze, crash, or execute arbitrary code depending on the URI.
|
Access |
Vector: | NETWORK |
Complexity: | LOW |
Authentication: | NONE |
|
Impact |
Confidentiality: | PARTIAL |
Integrity: | NONE |
Availability: | NONE |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
redhat
via4
|
rpms |
- jenkins-0:1.609.1-1.el6op
- openshift-origin-broker-0:1.16.2.10-1.el6op
- openshift-origin-broker-util-0:1.36.2.2-1.el6op
- openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op
- openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op
- openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op
- openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op
- openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op
- openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op
- openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op
- openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op
- openshift-origin-cartridge-php-0:1.34.1.1-1.el6op
- openshift-origin-cartridge-python-0:1.33.3.1-1.el6op
- openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op
- openshift-origin-logshifter-0:1.10.1.2-1.el6op
- openshift-origin-node-util-0:1.37.2.1-1.el6op
- rhc-0:1.37.1.2-1.el6op
- rubygem-openshift-origin-console-0:1.35.2.1-1.el6op
- rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op
- rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op
- rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op
- rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op
- rubygem-openshift-origin-node-0:1.37.1.1-1.el6op
- rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op
|
|
refmap
via4
|
|
Last major update |
24-01-2020 - 14:18 |
Published |
15-01-2020 - 19:15 |
Last modified |
24-01-2020 - 14:18 |