CVE-2015-1833
Improper Input Validation in Apache Jackrabbit
EPSS 31.0%
Description
XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request.
How to fix CVE-2015-1833
To remediate CVE-2015-1833, upgrade the affected package to one of the fixed versions listed below.
- Debian/jackrabbit—upgrade to 2.10.1-1 or later
- Debian/jackrabbit—upgrade to 2.3.6-1+deb7u1 or later
- —upgrade to 2.0.6 or later
Is CVE-2015-1833 being exploited?
Moderate: EPSS is 31.0%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (3)
- from 0, < 2.10.1-1
- from 0, < 2.3.6-1+deb7u1
- from 0, < 2.0.6