CVSSv2: 6.4

CVE-2015-1833

Published: 29/05/2015 Updated: 09/10/2018
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
VMScore: 646
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Summary

XML external entity (XXE) vulnerability in Apache Jackrabbit prior to 2.0.6, 2.2.x prior to 2.2.14, 2.4.x prior to 2.4.6, 2.6.x prior to 2.6.6, 2.8.x prior to 2.8.1, and 2.10.x prior to 2.10.1 allows remote malicious users to read arbitrary files and send requests to intranet servers via a crafted WebDAV request.

Vulnerable Products

apache jackrabbit
apache jackrabbit 2.2.0
apache jackrabbit 2.2.1
apache jackrabbit 2.2.2
apache jackrabbit 2.2.4
apache jackrabbit 2.2.5
apache jackrabbit 2.2.7
apache jackrabbit 2.2.8
apache jackrabbit 2.2.9
apache jackrabbit 2.2.10
apache jackrabbit 2.2.11
apache jackrabbit 2.2.12
apache jackrabbit 2.2.13
apache jackrabbit 2.4.0
apache jackrabbit 2.4.1
apache jackrabbit 2.4.2
apache jackrabbit 2.4.3
apache jackrabbit 2.4.4
apache jackrabbit 2.4.5
apache jackrabbit 2.6.0
apache jackrabbit 2.6.1
apache jackrabbit 2.6.2
apache jackrabbit 2.6.3
apache jackrabbit 2.6.4
apache jackrabbit 2.6.5
apache jackrabbit 2.8.0
apache jackrabbit 2.10.0

Vendor Advisories

Debian Bug report logs - #787316: CVE-2015-1833
Package: src:jackrabbit; Maintainer for src:jackrabbit is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Sun, 31 May 2015 10:09:01 UTC
Owned by: Markus Koschany <apo@gambaru.de>
Severity ...

Exploits

#!/usr/bin/env python
"""
# Exploit Title: Jackrabbit WebDAV XXE
# Date: 25-05-2015
# Software Link: jackrabbit.apache.org/jcr/
# Exploit Author: Mikhail Egorov
# Contact: 0ang3el () gmail com
# Website: 0ang3el.blogspot.com
# CVE: CVE-2015-1833
# Category: webapps
1. Description
Jackrabbit WebDAV plugin uses insecurely configured XM ...

Milton WebDAV version 2.7.0.1 suffers from an XXE injection vulnerability ...

Github Repositories

Edited version of aemscan

aemscan - Adobe Experience Manager Vulnerability Scanner (raz0r.name/releases/adobe-experience-manager-vulnerability-scanner/)
Features: default credentials bruteforce; info leak via default error page; WebDAV support check (WebDAV OSGi XXE, CVE-2015-1833); version detection; useful paths scanner.
Installation: $ python setup.py install
Usage: $ aemscan <url>
TODO C

AEM hacker toolset: tools to identify vulnerable Adobe Experience Manager (AEM) webapps. AEM is an enterprise-grade CMS. I built these tools to automate bughunting and pentesting of AEM webapps. I included checks for previously known vulnerabilities and misconfigurations, as well as for new ones, discovered by me in 2018. All discovered vulnerabilities were responsibly reported.
