CVE-2014-5392 - XML External Entity Injection vulnerability in JobScheduler
- Attack vector: NETWORK
- Attack complexity: MEDIUM
- Privileges required: NONE
- Confidentiality impact: PARTIAL
- Integrity impact: NONE
- Availability impact: PARTIAL
Summary
XML External Entity (XXE) vulnerability in JobScheduler before 1.6.4246 and 7.x before 1.7.4241 allows remote attackers to cause a denial of service and read arbitrary files or directories via a request containing an XML external entity declaration in conjunction with an entity reference.

CWE-611: Improper Restriction of XML External Entity Reference ('XXE'): http://cwe.mitre.org/data/definitions/611.html
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 5 |
References
- http://packetstormsecurity.com/files/128181/JobScheduler-XML-eXternal-Entity-Injection.html
- http://www.christian-schneider.net/advisories/CVE-2014-5392.txt
- http://www.securityfocus.com/archive/1/533374/100/0/threaded
- http://www.sos-berlin.com/modules/news/article.php?storyid=73
- https://change.sos-berlin.com/browse/JS-1204