Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-1833: Improper Input Validation in Apache Jackrabbit

Severity: 6.4 MEDIUM (NVD)
EPSS: 31.0% (top 3.25%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published May 29; latest update May 14

Description

XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request.

CVSS vector

AV:N/AC:L/C:P/I:P/A:N
Exploitability: 10.0 | Impact: 4.9

Affected Packages (2 packages)

Debian: apache/jackrabbit < 2.10.1-1+3
NVD: apache/jackrabbit 2.0.5+26

🔴Vulnerability Details

4
GHSA: Improper Input Validation in Apache Jackrabbit (2022-05-14)
OSV: Improper Input Validation in Apache Jackrabbit (2022-05-14)
OSV: CVE-2015-1833: XML external entity (XXE) vulnerability in Apache Jackrabbit before 2 (2015-05-29)
CVEList: CVE-2015-1833: XML external entity (XXE) vulnerability in Apache Jackrabbit before 2 (2015-05-29)

💥Exploits & PoCs

1
Exploit-DB: Apache JackRabbit - WebDAV XML External Entity (2015-05-26)

📋Vendor Advisories

2
Red Hat: jackrabbit: Jackrabbit WebDAV bundle susceptible to XXE/XEE attack (2015-05-21)
Debian: CVE-2015-1833: jackrabbit - XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x... (2015)

💬Community

2
Bugzilla: CVE-2015-1833 jackrabbit: Jackrabbit WebDAV bundle susceptible to XXE/XEE attack [fedora-all] (2015-05-21)
Bugzilla: CVE-2015-1833 jackrabbit: Jackrabbit WebDAV bundle susceptible to XXE/XEE attack (2015-05-21)