HomePentest-Tools.com Logo

Atlassian Crowd XXE Vulnerability (CWD-3366) - Active Check CVE-2013-3925

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

Atlassian Crowd is prone to an XML external entity (XXE) vulnerability.

Risk description

The flaw is due to an incorrectly configured XML parser accepting XML external entities from an untrusted source. Successful exploitation allows remote attackers to gain access to arbitrary files by sending specially crafted XML data.

Recommendation

Update to version 2.5.4, 2.6.3, 2.7 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Jul 1, 2013
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available