XML External Entity (XXE) vulnerability in JobScheduler before 1.6.4246 and 7.x before 1.7.4241 allows remote attackers to cause a denial of service and read arbitrary files or directories via a request containing an XML external entity declaration in conjunction with an entity reference.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:11
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/128181/JobScheduler-XML-eXternal-Entity-Injection.html - Patch | |
References | () http://www.christian-schneider.net/advisories/CVE-2014-5392.txt - Patch | |
References | () http://www.securityfocus.com/archive/1/533374/100/0/threaded - | |
References | () http://www.sos-berlin.com/modules/news/article.php?storyid=73 - Patch | |
References | () https://change.sos-berlin.com/browse/JS-1204 - |
Information
Published : 2014-09-23 15:55
Updated : 2024-11-21 02:11
NVD link : CVE-2014-5392
Mitre link : CVE-2014-5392
CVE.ORG link : CVE-2014-5392
JSON object : View
Products Affected
sos
- jobscheduler
CWE