CVE-2015-3000 - Resource Management Errors vulnerability in Sysaid
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | COMPLETE |
Summary
SysAid Help Desk before 15.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an XML document to (1) /agententry, (2) /rdsmonitoringresponse, or (3) /androidactions, aka an XML Entity Expansion (XEE) attack.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 4 |
Common Weakness Enumeration (CWE)
Exploit-Db
description | SysAid Help Desk 14.4 - Multiple Vulnerabilities. CVE-2015-2993,CVE-2015-2994,CVE-2015-2995,CVE-2015-2996,CVE-2015-2997,CVE-2015-2998,CVE-2015-2999,CVE-2015-... |
id | EDB-ID:43885 |
last seen | 2018-01-25 |
modified | 2015-06-10 |
published | 2015-06-10 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/43885/ |
title | SysAid Help Desk 14.4 - Multiple Vulnerabilities |
Packetstorm
data source | https://packetstormsecurity.com/files/download/132138/sysaidhelpdesk-execdos.txt |
id | PACKETSTORM:132138 |
last seen | 2016-12-05 |
published | 2015-06-03 |
reporter | Pedro Ribeiro |
source | https://packetstormsecurity.com/files/132138/SysAid-Help-Desk-14.4-Code-Execution-Denial-Of-Service-Traversal-SQL-Injection.html |
title | SysAid Help Desk 14.4 Code Execution / Denial Of Service / Traversal / SQL Injection |
References
- http://packetstormsecurity.com/files/132138/SysAid-Help-Desk-14.4-Code-Execution-Denial-Of-Service-Traversal-SQL-Injection.html
- http://seclists.org/fulldisclosure/2015/Jun/8
- http://www.securityfocus.com/archive/1/535679/100/0/threaded
- http://www.securityfocus.com/bid/75038
- https://www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk