VDB
CVE-2015-1833
CVE-2015-1833
PUBLISHED
XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request.
EPSS 31.03% · 96.8th percentile
Risk Scores
EPSS Score
31.03%
96.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:14.04:LTS | jackrabbit | 0, 2.3.6-1 |
Exploit Intelligence
- DSA-3298 (circl)
- 74761 (circl)
- [jackrabbit-announce] 20150521 CVE-2015-1833 (Jackrabbit WebDAV XXE vulnerability) (circl)
- 20150521 CVE-2015-1833 (Jackrabbit WebDAV XXE vulnerability) (circl)
- http://www.apache.org/dist/jackrabbit/2.10.1/RELEASE-NOTES.txt (circl)
- https://issues.apache.org/jira/browse/JCR-3883 (circl)
- http://packetstormsecurity.com/files/132005/Jackrabbit-WebDAV-XXE-Injection.html (circl)
- 37110 (cve.org)
- Milton Webdav 2.7.0.1 XXE Injection Vulnerability (0day-today)
- Milton Webdav 2.7.0.1 XXE Injection Vulnerability (0day-today)
…and 2 more exploits
Timeline
- May 27, 2015 PoC Published
- May 29, 2015 CVE Published
- Nov 2, 2015 PoC Published
- Feb 4, 2022 EPSS Score
- Oct 17, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Jul 27, 2023 EPSS Score
- Dec 17, 2024 EPSS Score
- Mar 17, 2025 EPSS Score
- Mar 29, 2025 EPSS Score
- Mar 30, 2025 EPSS Score
- May 1, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2015-1833 third-party-advisory
- https://issues.apache.org/jira/browse/JCR-3883 third-party-advisory
- http://www.openwall.com/lists/oss-security/2015/05/21/6 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2015-1833 third-party-advisory