CVE-2017-9355 - Server-Side Request Forgery (SSRF) vulnerability in Subsonic 6.1.1
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | HIGH |
Availability impact | NONE |
Summary
XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
description | Subsonic 6.1.1 - XML External Entity Injection. CVE-2017-9355. Local exploit for Windows platform |
file | exploits/windows/local/42119.txt |
id | EDB-ID:42119 |
last seen | 2017-06-05 |
modified | 2017-06-05 |
platform | windows |
port | |
published | 2017-06-05 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/42119/ |
title | Subsonic 6.1.1 - XML External Entity Injection |
type | local |
Packetstorm
data source | https://packetstormsecurity.com/files/download/142795/SUBSONIC-XML-EXTERNAL-ENITITY.txt |
id | PACKETSTORM:142795 |
last seen | 2017-06-05 |
published | 2017-06-03 |
reporter | hyp3rlinx |
source | https://packetstormsecurity.com/files/142795/Subsonic-6.1.1-XML-External-Entity-Attack.html |
title | Subsonic 6.1.1 XML External Entity Attack |
References
- http://hyp3rlinx.altervista.org/advisories/SUBSONIC-XML-EXTERNAL-ENITITY.txt
- http://packetstormsecurity.com/files/142795/Subsonic-6.1.1-XML-External-Entity-Attack.html
- https://www.exploit-db.com/exploits/42119/