CVE-2015-1833

Name of the Vulnerable Software and Affected Versions Apache Jackrabbit versions 2.0.0 through 2.0.5 Apache Jackrabbit versions 2.2.x through 2.2.13 Apache Jackrabbit versions 2.4.x through 2.4.5 Apache Jackrabbit versions 2.6.x through 2.6.5 Apache Jackrabbit versions 2.8.x through 2.8.0 Apache Jackrabbit versions 2.10.x through 2.10.0

Description The issue allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request, exploiting an XML external entity (XXE) vulnerability.

Recommendations For Apache Jackrabbit versions 2.0.0 through 2.0.5, update to version 2.0.6 or later. For Apache Jackrabbit versions 2.2.x through 2.2.13, update to version 2.2.14 or later. For Apache Jackrabbit versions 2.4.x through 2.4.5, update to version 2.4.6 or later. For Apache Jackrabbit versions 2.6.x through 2.6.5, update to version 2.6.6 or later. For Apache Jackrabbit versions 2.8.x through 2.8.0, update to version 2.8.1 or later. For Apache Jackrabbit versions 2.10.x through 2.10.0, update to version 2.10.1 or later.