CVE-2014-7177 - XML External Entity Information Disclosure vulnerability in Enalean Tuleap

CVSS 4.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: SINGLE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE
Tags: network, low complexity, enalean, exploit available

Summary

XML External Entity vulnerability in Enalean Tuleap 7.2 and earlier allows remote authenticated users to read arbitrary files via a crafted XML document in a create action to plugins/tracker/. CWE-611: Improper Restriction of XML External Entity Reference ('XXE') (http://cwe.mitre.org/data/definitions/611.html)

Vulnerable Configurations

Part: Application
Description: Enalean
Count: 84

Exploit-Db

description: Enalean Tuleap 7.2 - XXE File Disclosure. CVE-2014-7176, CVE-2014-7177. Webapps exploit for php platform
id: EDB-ID:35099
last seen: 2016-02-04
modified: 2014-10-28
published: 2014-10-28
reporter: Portcullis
source: https://www.exploit-db.com/download/35099/
title: Enalean Tuleap 7.2 - XXE File Disclosure

Packetstorm

data source: https://packetstormsecurity.com/files/download/128876/tuleap-xxe.txt
id: PACKETSTORM:128876
last seen: 2016-12-05
published: 2014-10-28
reporter: Jerzy Kramarz
source: https://packetstormsecurity.com/files/128876/Tuleap-7.2-XXE-Injection.html
title: Tuleap 7.2 XXE Injection

Seebug

bulletinFamily: exploit
description: No description provided by source.
id: SSV:87391
last seen: 2017-11-19
modified: 2014-11-13
published: 2014-11-13
reporter: Root
source: https://www.seebug.org/vuldb/ssvid-87391
title: Enalean Tuleap 7.2 - XXE File Disclosure