CVE-2017-9355

Published: 07/06/2017 Updated: 13/08/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.4 | Impact Score: 4 | Exploitability Score: 2.8
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote malicious users to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file.

Vulnerable Product

subsonic subsonic 6.1.1

Exploits

[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: hyp3rlinx.altervista.org/advisories/SUBSONIC-XML-EXTERNAL-ENITITY.txt
[+] ISR: ApparitionSec

Vendor:
================
www.subsonic.org

Product:
===============
subsonic v6.1.1

Subsonic is a media streaming server. You install it on ...

Subsonic 6.1.1 import playlist feature is susceptible to an XML External Entity attack via import of a malicious XSPF playlist file ...