Vulnerabilities > CVE-2014-7177 - Unspecified vulnerability in Enalean Tuleap
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN enalean
exploit available
Summary
XML External Entity vulnerability in Enalean Tuleap 7.2 and earlier allows remote authenticated users to read arbitrary files via a crafted xml document in a create action to plugins/tracker/.
Vulnerable Configurations
Exploit-Db
| description | Enalean Tuleap 7.2 - XXE File Disclosure. CVE-2014-7176,CVE-2014-7177. Webapps exploit for php platform |
| id | EDB-ID:35099 |
| last seen | 2016-02-04 |
| modified | 2014-10-28 |
| published | 2014-10-28 |
| reporter | Portcullis |
| source | https://www.exploit-db.com/download/35099/ |
| title | Enalean Tuleap 7.2 - XXE File Disclosure |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/128876/tuleap-xxe.txt |
| id | PACKETSTORM:128876 |
| last seen | 2016-12-05 |
| published | 2014-10-28 |
| reporter | Jerzy Kramarz |
| source | https://packetstormsecurity.com/files/128876/Tuleap-7.2-XXE-Injection.html |
| title | Tuleap 7.2 XXE Injection |
Seebug
| bulletinFamily | exploit |
| description | No description provided by source. |
| id | SSV:87391 |
| last seen | 2017-11-19 |
| modified | 2014-11-13 |
| published | 2014-11-13 |
| reporter | Root |
| source | https://www.seebug.org/vuldb/ssvid-87391 |
| title | Enalean Tuleap 7.2 - XXE File Disclosure |
References
- http://seclists.org/fulldisclosure/2014/Oct/120
- http://www.osvdb.org/113680
- http://www.securityfocus.com/bid/70771
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98308
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?p=tuleap%2Fstable.git&a=blob&h=aed26cbae81410a981c4615bd7da1518f31c50d0&hb=29cbe3557a07c74f3d910648b8c5307e8faef65a&f=ChangeLog
- https://tuleap.net/plugins/tracker/?aid=7458
- https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-7177/
- https://www.tuleap.org/recent-vulnerabilities
- http://seclists.org/fulldisclosure/2014/Oct/120
- https://www.tuleap.org/recent-vulnerabilities
- https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-7177/
- https://tuleap.net/plugins/tracker/?aid=7458
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?p=tuleap%2Fstable.git&a=blob&h=aed26cbae81410a981c4615bd7da1518f31c50d0&hb=29cbe3557a07c74f3d910648b8c5307e8faef65a&f=ChangeLog
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98308
- http://www.securityfocus.com/bid/70771
- http://www.osvdb.org/113680