CyberSec.Space Logo
CVEブラウザに戻る

CVE-2014-3005

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1600%
EPSS Percentile26.75th
Published2018年2月1日
Last Modified2024年11月21日

Vulnerability Description

XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.

Affected Platforms (CPE)

📦
Zabbix

Zabbix

= 1.8
📦
Zabbix

Zabbix

= 1.8.1
📦
Zabbix

Zabbix

= 1.8.2
📦
Zabbix

Zabbix

= 1.8.3
📦
Zabbix

Zabbix

= 1.8.4
📦
Zabbix

Zabbix

= 1.8.5
📦
Zabbix

Zabbix

= 1.8.6
📦
Zabbix

Zabbix

= 1.8.7
📦
Zabbix

Zabbix

= 1.8.8
📦
Zabbix

Zabbix

= 1.8.9
📦
Zabbix

Zabbix

= 1.8.10
📦
Zabbix

Zabbix

= 1.8.11
📦
Zabbix

Zabbix

= 1.8.12
📦
Zabbix

Zabbix

= 1.8.13
📦
Zabbix

Zabbix

= 1.8.14
📦
Zabbix

Zabbix

= 1.8.15
📦
Zabbix

Zabbix

= 1.8.16
📦
Zabbix

Zabbix

= 1.8.17
📦
Zabbix

Zabbix

= 1.8.18
📦
Zabbix

Zabbix

= 1.8.19
📦
Zabbix

Zabbix

= 1.8.20
📦
Zabbix

Zabbix

= 2.0.0
📦
Zabbix

Zabbix

= 2.0.1
📦
Zabbix

Zabbix

= 2.0.2
📦
Zabbix

Zabbix

= 2.0.3
📦
Zabbix

Zabbix

= 2.0.4
📦
Zabbix

Zabbix

= 2.0.5
📦
Zabbix

Zabbix

= 2.0.6
📦
Zabbix

Zabbix

= 2.0.7
📦
Zabbix

Zabbix

= 2.0.8
📦
Zabbix

Zabbix

= 2.0.9
📦
Zabbix

Zabbix

= 2.0.10
📦
Zabbix

Zabbix

= 2.0.11
📦
Zabbix

Zabbix

= 2.0.12
📦
Zabbix

Zabbix

= 2.2.0
📦
Zabbix

Zabbix

= 2.2.1
📦
Zabbix

Zabbix

= 2.2.2
📦
Zabbix

Zabbix

= 2.2.3
📦
Zabbix

Zabbix

= 2.2.4
📦
Zabbix

Zabbix

= 2.3.0
📦
Zabbix

Zabbix

= 2.3.1
💻
Fedoraproject

Fedora

= 19
💻
Fedoraproject

Fedora

= 20

References & Advisories

🔗 http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134885.html
🔗 http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134909.html
🔗 http://seclists.org/fulldisclosure/2014/Jun/87
🔗 http://www.securityfocus.com/bid/68075
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=1110496
🔗 https://support.zabbix.com/browse/ZBX-8151
🔗 https://web.archive.org/web/20140622034155/http://www.pnigos.com:80/?p=273
🔗 http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134885.html

関連する脆弱性情報

CVE-2007-064010.0

Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack vectors related to "SNMP IP addresses."

CVE-2013-57439.8

Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7.

CVE-2020-118009.8

Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.

CVE-2013-37389.8

A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which coul...