Vulnerabilities > CVE-2018-11586 - Server-Side Request Forgery (SSRF) vulnerability in Searchblox 8.6.7
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | SearchBlox 8.6.7 - XML External Entity Injection. CVE-2018-11586. Webapps exploit for Java platform |
| file | exploits/java/webapps/44827.txt |
| id | EDB-ID:44827 |
| last seen | 2018-06-04 |
| modified | 2018-06-04 |
| platform | java |
| port | |
| published | 2018-06-04 |
| reporter | Exploit-DB |
| source | https://www.exploit-db.com/download/44827/ |
| title | SearchBlox 8.6.7 - XML External Entity Injection |
| type | webapps |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/148032/searchblox867-xml.txt |
| id | PACKETSTORM:148032 |
| last seen | 2018-06-05 |
| published | 2018-06-04 |
| reporter | Canberk BOLAT |
| source | https://packetstormsecurity.com/files/148032/SearchBlox-8.6.7-XML-External-Entity-Injection.html |
| title | SearchBlox 8.6.7 XML External Entity Injection |