CyberSec.Space Logo
Back to CVE Browser

CVE-2018-1000822

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1850%
EPSS Percentile12.46th
PublishedDec 20, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

codelibs fess version before commit faa265b contains a XML External Entity (XXE) vulnerability in GSA XML file parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via specially crafted GSA XML files. This vulnerability appears to have been fixed in after commit faa265b.

Affected Platforms (CPE)

πŸ“¦
Codelibs

Fess

< 12.2.3

References & Advisories

πŸ”— https://0dd.zone/2018/10/27/fess-XXE/
πŸ”— https://github.com/codelibs/fess/issues/1851
πŸ”— https://0dd.zone/2018/10/27/fess-XXE/
πŸ”— https://github.com/codelibs/fess/issues/1851

Related Vulnerabilities

CVE-2018-100064410.0

Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External Entity (XXE) vulnerability in RDF4j XML parser parsing RDF files...

CVE-2018-1051110.0

A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request for...

CVE-2018-377410.0

Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, ...

CVE-2018-100065110.0

Stroom version <5.4.5 contains a XML External Entity (XXE) vulnerability in XML Parser that can result in disclosure of confidenti...