CVE-2018-11586 - Server-Side Request Forgery (SSRF) vulnerability in Searchblox 8.6.7

CVSS 9.8 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH

Tags: network, low complexity, searchblox, CWE-918, critical, exploit available

Summary

XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.

Vulnerable Configurations

Part         Description   Count
Application  Searchblox    1

Common Weakness Enumeration (CWE)

Exploit-Db

description: SearchBlox 8.6.7 - XML External Entity Injection. CVE-2018-11586. Webapps exploit for Java platform
file: exploits/java/webapps/44827.txt
id: EDB-ID:44827
last seen: 2018-06-04
modified: 2018-06-04
platform: java
port:
published: 2018-06-04
reporter: Exploit-DB
source: https://www.exploit-db.com/download/44827/
title: SearchBlox 8.6.7 - XML External Entity Injection
type: webapps

Packetstorm

data source: https://packetstormsecurity.com/files/download/148032/searchblox867-xml.txt
id: PACKETSTORM:148032
last seen: 2018-06-05
published: 2018-06-04
reporter: Canberk BOLAT
source: https://packetstormsecurity.com/files/148032/SearchBlox-8.6.7-XML-External-Entity-Injection.html
title: SearchBlox 8.6.7 XML External Entity Injection