Seal Security

CVE-2015-1833

Improper Input Validation in Apache Jackrabbit

XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading

Vulnerability Details

Score

Score Vector

Affected Versions

org.apache.jackrabbit:jackrabbit-core < 2.0.6; org.apache.jackrabbit:jackrabbit-core >= 2.2.0 < 2.2.14; org.apache.jackrabbit:jackrabbit-core >= 2.4.0 < 2.4.6; org.apache.jackrabbit:jackrabbit-core >= 2.6.0 < 2.6.6; org.apache.jackrabbit:jackrabbit-core >= 2.8.0 < 2.8.1; org.apache.jackrabbit:jackrabbit-core >= 2.10.0 < 2.10.1

Severity

Ecosystem

Publish Date

May 13, 2022

Modified Date

December 4, 2024