Vulnerabilities > CVE-2018-1000831 - XXE vulnerability in K9Mail K-9 Mail

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

k9mail

CWE-611

critical

NVD

Published: 2018-12-20

Updated: 2019-01-08

Summary

K9Mail version <= v5.600 contains a XML External Entity (XXE) vulnerability in WebDAV response parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via malicious WebDAV server or intercept the reponse of a valid WebDAV server.

Vulnerable Configurations

Part	Description	Count
Application	K9Mail K9Mail K 9 Mail 2.000 K9Mail K 9 Mail 2.102 K9Mail K 9 Mail 2.103 K9Mail K 9 Mail 2.105 K9Mail K 9 Mail 2.106 K9Mail K 9 Mail 2.107 K9Mail K 9 Mail 2.108 K9Mail K 9 Mail 2.109 K9Mail K 9 Mail 2.300 K9Mail K 9 Mail 2.301 K9Mail K 9 Mail 2.302 K9Mail K 9 Mail 2.303 K9Mail K 9 Mail 2.304 K9Mail K 9 Mail 2.305 K9Mail K 9 Mail 2.306 K9Mail K 9 Mail 2.307 K9Mail K 9 Mail 2.308 K9Mail K 9 Mail 2.309 K9Mail K 9 Mail 2.310 K9Mail K 9 Mail 2.311 K9Mail K 9 Mail 2.312 K9Mail K 9 Mail 2.390 K9Mail K 9 Mail 2.391 K9Mail K 9 Mail 2.400 K9Mail K 9 Mail 2.401 K9Mail K 9 Mail 2.402 K9Mail K 9 Mail 2.405 K9Mail K 9 Mail 2.503 K9Mail K 9 Mail 2.504 K9Mail K 9 Mail 2.505 K9Mail K 9 Mail 2.506 K9Mail K 9 Mail 2.507 K9Mail K 9 Mail 2.508 K9Mail K 9 Mail 2.510 K9Mail K 9 Mail 2.511 K9Mail K 9 Mail 2.512 K9Mail K 9 Mail 2.513 K9Mail K 9 Mail 2.514 K9Mail K 9 Mail 2.515 K9Mail K 9 Mail 2.590 K9Mail K 9 Mail 2.591 K9Mail K 9 Mail 2.600 K9Mail K 9 Mail 2.701 K9Mail K 9 Mail 2.702 K9Mail K 9 Mail 2.703 K9Mail K 9 Mail 2.704 K9Mail K 9 Mail 2.705 K9Mail K 9 Mail 2.706 K9Mail K 9 Mail 2.707 K9Mail K 9 Mail 2.708 K9Mail K 9 Mail 2.709 K9Mail K 9 Mail 2.710 K9Mail K 9 Mail 2.711 K9Mail K 9 Mail 2.790 K9Mail K 9 Mail 2.800 K9Mail K 9 Mail 2.801 K9Mail K 9 Mail 2.802 K9Mail K 9 Mail 2.803 K9Mail K 9 Mail 2.900 K9Mail K 9 Mail 2.901 K9Mail K 9 Mail 2.902 K9Mail K 9 Mail 2.903 K9Mail K 9 Mail 2.904 K9Mail K 9 Mail 2.905 K9Mail K 9 Mail 2.906 K9Mail K 9 Mail 2.907 K9Mail K 9 Mail 2.908 K9Mail K 9 Mail 2.909 K9Mail K 9 Mail 2.910 K9Mail K 9 Mail 2.911 K9Mail K 9 Mail 2.912 K9Mail K 9 Mail 2.913 K9Mail K 9 Mail 2.990 K9Mail K 9 Mail 2.991 K9Mail K 9 Mail 2.992 K9Mail K 9 Mail 2.993 K9Mail K 9 Mail 2.994 K9Mail K 9 Mail 2.995 K9Mail K 9 Mail 3.000 K9Mail K 9 Mail 3.001 K9Mail K 9 Mail 3.002 K9Mail K 9 Mail 3.2.03 K9Mail K 9 Mail 3.003 K9Mail K 9 Mail 3.101 K9Mail K 9 Mail 3.102 K9Mail K 9 Mail 3.103 K9Mail K 9 Mail 3.104 K9Mail K 9 Mail 3.105 K9Mail K 9 Mail 3.106 K9Mail K 9 Mail 3.107 K9Mail K 9 Mail 3.108 K9Mail K 9 Mail 3.109 K9Mail K 9 Mail 3.110 K9Mail K 9 Mail 3.111 K9Mail K 9 Mail 3.112 K9Mail K 9 Mail 3.113 K9Mail K 9 Mail 3.114 K9Mail K 9 Mail 3.115 K9Mail K 9 Mail 3.116 K9Mail K 9 Mail 3.117 K9Mail K 9 Mail 3.118 K9Mail K 9 Mail 3.119 K9Mail K 9 Mail 3.120 K9Mail K 9 Mail 3.190 K9Mail K 9 Mail 3.191 K9Mail K 9 Mail 3.192 K9Mail K 9 Mail 3.200 K9Mail K 9 Mail 3.201 K9Mail K 9 Mail 3.202 K9Mail K 9 Mail 3.203 K9Mail K 9 Mail 3.204 K9Mail K 9 Mail 3.205 K9Mail K 9 Mail 3.206 K9Mail K 9 Mail 3.207 K9Mail K 9 Mail 3.208 K9Mail K 9 Mail 3.301 K9Mail K 9 Mail 3.302 K9Mail K 9 Mail 3.303 K9Mail K 9 Mail 3.304 K9Mail K 9 Mail 3.305 K9Mail K 9 Mail 3.306 K9Mail K 9 Mail 3.307 K9Mail K 9 Mail 3.308 K9Mail K 9 Mail 3.309 K9Mail K 9 Mail 3.310 K9Mail K 9 Mail 3.311 K9Mail K 9 Mail 3.312 K9Mail K 9 Mail 3.313 K9Mail K 9 Mail 3.314 K9Mail K 9 Mail 3.315 K9Mail K 9 Mail 3.316 K9Mail K 9 Mail 3.317 K9Mail K 9 Mail 3.318 K9Mail K 9 Mail 3.319 K9Mail K 9 Mail 3.320 K9Mail K 9 Mail 3.390 K9Mail K 9 Mail 3.391 K9Mail K 9 Mail 3.400 K9Mail K 9 Mail 3.401 K9Mail K 9 Mail 3.402 K9Mail K 9 Mail 3.403 K9Mail K 9 Mail 3.404 K9Mail K 9 Mail 3.501 K9Mail K 9 Mail 3.502 K9Mail K 9 Mail 3.503 K9Mail K 9 Mail 3.504 K9Mail K 9 Mail 3.505 K9Mail K 9 Mail 3.506 K9Mail K 9 Mail 3.507 K9Mail K 9 Mail 3.508 K9Mail K 9 Mail 3.509 K9Mail K 9 Mail 3.510 K9Mail K 9 Mail 3.511 K9Mail K 9 Mail 3.512 K9Mail K 9 Mail 3.590 K9Mail K 9 Mail 3.591 K9Mail K 9 Mail 3.592 K9Mail K 9 Mail 3.593 K9Mail K 9 Mail 3.594 K9Mail K 9 Mail 3.595 K9Mail K 9 Mail 3.596 K9Mail K 9 Mail 3.600 K9Mail K 9 Mail 3.601 K9Mail K 9 Mail 3.602 K9Mail K 9 Mail 3.603 K9Mail K 9 Mail 3.604 K9Mail K 9 Mail 3.605 K9Mail K 9 Mail 3.701 K9Mail K 9 Mail 3.702 K9Mail K 9 Mail 3.703 K9Mail K 9 Mail 3.704 K9Mail K 9 Mail 3.705 K9Mail K 9 Mail 3.706 K9Mail K 9 Mail 3.708 K9Mail K 9 Mail 3.709 K9Mail K 9 Mail 3.710 K9Mail K 9 Mail 3.711 K9Mail K 9 Mail 3.712 K9Mail K 9 Mail 3.713 K9Mail K 9 Mail 3.714 K9Mail K 9 Mail 3.790 K9Mail K 9 Mail 3.791 K9Mail K 9 Mail 3.792 K9Mail K 9 Mail 3.793 K9Mail K 9 Mail 3.800 K9Mail K 9 Mail 3.801 K9Mail K 9 Mail 3.802 K9Mail K 9 Mail 3.803 K9Mail K 9 Mail 3.900 K9Mail K 9 Mail 3.901 K9Mail K 9 Mail 3.902 K9Mail K 9 Mail 3.904 K9Mail K 9 Mail 3.905 K9Mail K 9 Mail 3.906 K9Mail K 9 Mail 3.907 K9Mail K 9 Mail 3.908 K9Mail K 9 Mail 3.909 K9Mail K 9 Mail 3.910 K9Mail K 9 Mail 3.911 K9Mail K 9 Mail 3.912 K9Mail K 9 Mail 3.913 K9Mail K 9 Mail 3.990 K9Mail K 9 Mail 3.991 K9Mail K 9 Mail 3.992 K9Mail K 9 Mail 3.993 K9Mail K 9 Mail 4.000 K9Mail K 9 Mail 4.001 K9Mail K 9 Mail 4.002 K9Mail K 9 Mail 4.003 K9Mail K 9 Mail 4.004 K9Mail K 9 Mail 4.005 K9Mail K 9 Mail 4.006 K9Mail K 9 Mail 4.007 K9Mail K 9 Mail 4.008 K9Mail K 9 Mail 4.009 K9Mail K 9 Mail 4.010 K9Mail K 9 Mail 4.011 K9Mail K 9 Mail 4.101 K9Mail K 9 Mail 4.103 K9Mail K 9 Mail 4.104 K9Mail K 9 Mail 4.105 K9Mail K 9 Mail 4.106 K9Mail K 9 Mail 4.107 K9Mail K 9 Mail 4.108 K9Mail K 9 Mail 4.109 K9Mail K 9 Mail 4.110 K9Mail K 9 Mail 4.112 K9Mail K 9 Mail 4.113 K9Mail K 9 Mail 4.114 K9Mail K 9 Mail 4.115 K9Mail K 9 Mail 4.116 K9Mail K 9 Mail 4.117 K9Mail K 9 Mail 4.118 K9Mail K 9 Mail 4.119 K9Mail K 9 Mail 4.120 K9Mail K 9 Mail 4.121 K9Mail K 9 Mail 4.191 K9Mail K 9 Mail 4.192 K9Mail K 9 Mail 4.193 K9Mail K 9 Mail 4.200 K9Mail K 9 Mail 4.201 K9Mail K 9 Mail 4.301 K9Mail K 9 Mail 4.302 K9Mail K 9 Mail 4.303 K9Mail K 9 Mail 4.304 K9Mail K 9 Mail 4.305 K9Mail K 9 Mail 4.306 K9Mail K 9 Mail 4.307 K9Mail K 9 Mail 4.308 K9Mail K 9 Mail 4.309 K9Mail K 9 Mail 4.310 K9Mail K 9 Mail 4.311 K9Mail K 9 Mail 4.312 K9Mail K 9 Mail 4.313 K9Mail K 9 Mail 4.314 K9Mail K 9 Mail 4.315 K9Mail K 9 Mail 4.316 K9Mail K 9 Mail 4.317 K9Mail K 9 Mail 4.318 K9Mail K 9 Mail 4.319 K9Mail K 9 Mail 4.320 K9Mail K 9 Mail 4.321 K9Mail K 9 Mail 4.322 K9Mail K 9 Mail 4.323 K9Mail K 9 Mail 4.324 K9Mail K 9 Mail 4.325 K9Mail K 9 Mail 4.326 K9Mail K 9 Mail 4.327 K9Mail K 9 Mail 4.328 K9Mail K 9 Mail 4.329 K9Mail K 9 Mail 4.330 K9Mail K 9 Mail 4.331 K9Mail K 9 Mail 4.390 K9Mail K 9 Mail 4.391 K9Mail K 9 Mail 4.392 K9Mail K 9 Mail 4.393 K9Mail K 9 Mail 4.400 K9Mail K 9 Mail 4.401 K9Mail K 9 Mail 4.402 K9Mail K 9 Mail 4.403 K9Mail K 9 Mail 4.404 K9Mail K 9 Mail 4.405 K9Mail K 9 Mail 4.406 K9Mail K 9 Mail 4.407 K9Mail K 9 Mail 4.408 K9Mail K 9 Mail 4.409 K9Mail K 9 Mail 4.501 K9Mail K 9 Mail 4.502 K9Mail K 9 Mail 4.503 K9Mail K 9 Mail 4.504 K9Mail K 9 Mail 4.505 K9Mail K 9 Mail 4.506 K9Mail K 9 Mail 4.507 K9Mail K 9 Mail 4.508 K9Mail K 9 Mail 4.509 K9Mail K 9 Mail 4.510 K9Mail K 9 Mail 4.511 K9Mail K 9 Mail 4.512 K9Mail K 9 Mail 4.590 K9Mail K 9 Mail 4.700 K9Mail K 9 Mail 4.701 K9Mail K 9 Mail 4.800 K9Mail K 9 Mail 4.801 K9Mail K 9 Mail 4.802 K9Mail K 9 Mail 4.803 K9Mail K 9 Mail 4.804 K9Mail K 9 Mail 4.900 K9Mail K 9 Mail 4.901 K9Mail K 9 Mail 4.902 K9Mail K 9 Mail 4.903 K9Mail K 9 Mail 4.904 K9Mail K 9 Mail 4.905 K9Mail K 9 Mail 5.000 K9Mail K 9 Mail 5.000-Rc1 K9Mail K 9 Mail 5.001 K9Mail K 9 Mail 5.002 K9Mail K 9 Mail 5.003 K9Mail K 9 Mail 5.004 K9Mail K 9 Mail 5.005 K9Mail K 9 Mail 5.006 K9Mail K 9 Mail 5.007 K9Mail K 9 Mail 5.008 K9Mail K 9 Mail 5.008-Rc1 K9Mail K 9 Mail 5.009 K9Mail K 9 Mail 5.010 K9Mail K 9 Mail 5.100 K9Mail K 9 Mail 5.101 K9Mail K 9 Mail 5.102 K9Mail K 9 Mail 5.103 K9Mail K 9 Mail 5.104 K9Mail K 9 Mail 5.105 K9Mail K 9 Mail 5.106 K9Mail K 9 Mail 5.107 K9Mail K 9 Mail 5.108 K9Mail K 9 Mail 5.109 K9Mail K 9 Mail 5.110 K9Mail K 9 Mail 5.111 K9Mail K 9 Mail 5.112 K9Mail K 9 Mail 5.113 K9Mail K 9 Mail 5.114 K9Mail K 9 Mail 5.115 K9Mail K 9 Mail 5.200 K9Mail K 9 Mail 5.200-Rc1 K9Mail K 9 Mail 5.200-Rc2 K9Mail K 9 Mail 5.201 K9Mail K 9 Mail 5.202 K9Mail K 9 Mail 5.203 K9Mail K 9 Mail 5.204 K9Mail K 9 Mail 5.205 K9Mail K 9 Mail 5.206 K9Mail K 9 Mail 5.207 K9Mail K 9 Mail 5.208 K9Mail K 9 Mail 5.300 K9Mail K 9 Mail 5.301 K9Mail K 9 Mail 5.302 K9Mail K 9 Mail 5.303 K9Mail K 9 Mail 5.304 K9Mail K 9 Mail 5.400 K9Mail K 9 Mail 5.401 K9Mail K 9 Mail 5.402 K9Mail K 9 Mail 5.403 K9Mail K 9 Mail 5.500 K9Mail K 9 Mail 5.501 K9Mail K 9 Mail 5.502 K9Mail K 9 Mail 5.503 K9Mail K 9 Mail 5.600	366

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References