CVE-2014-5392

XML External Entity (XXE) vulnerability in JobScheduler before 1.6.4246 and 7.x before 1.7.4241 allows remote attackers to cause a denial of service and read arbitrary files or directories via a request containing an XML external entity declaration in conjunction with an entity reference.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sos:jobscheduler:*:*:*:*:*:*:*:*
cpe:2.3:a:sos:jobscheduler:1.6.4014:*:*:*:*:*:*:*
cpe:2.3:a:sos:jobscheduler:1.6.4043:*:*:*:*:*:*:*
cpe:2.3:a:sos:jobscheduler:1.7.4177:*:*:*:*:*:*:*
cpe:2.3:a:sos:jobscheduler:1.7.4189:*:*:*:*:*:*:*

History

21 Nov 2024, 02:11

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/128181/JobScheduler-XML-eXternal-Entity-Injection.html - Patch () http://packetstormsecurity.com/files/128181/JobScheduler-XML-eXternal-Entity-Injection.html - Patch
References () http://www.christian-schneider.net/advisories/CVE-2014-5392.txt - Patch () http://www.christian-schneider.net/advisories/CVE-2014-5392.txt - Patch
References () http://www.securityfocus.com/archive/1/533374/100/0/threaded - () http://www.securityfocus.com/archive/1/533374/100/0/threaded -
References () http://www.sos-berlin.com/modules/news/article.php?storyid=73 - Patch () http://www.sos-berlin.com/modules/news/article.php?storyid=73 - Patch
References () https://change.sos-berlin.com/browse/JS-1204 - () https://change.sos-berlin.com/browse/JS-1204 -

Information

Published : 2014-09-23 15:55

Updated : 2024-11-21 02:11


NVD link : CVE-2014-5392

Mitre link : CVE-2014-5392

CVE.ORG link : CVE-2014-5392


JSON object : View

Products Affected

sos

  • jobscheduler