1. CVE-Search
  2. CVE-2017-9355
ID CVE-2017-9355
Summary XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file.
References
Vulnerable Configurations
  • cpe:2.3:a:subsonic:subsonic:6.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:subsonic:subsonic:6.1.1:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 13-08-2017 - 01:29)
Impact:
Exploitability:
CWE CWE-918
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
refmap via4
exploit-db 42119
misc
Last major update 13-08-2017 - 01:29
Published 07-06-2017 - 19:29
Last modified 13-08-2017 - 01:29
Back to Top