PT-2018-10685 · Searchblox · Searchblox
Author: Ahmet Gurel +1
Published: 2018-06-05
Updated: 2018-07-31
CVE-2018-11586
CVSS v3.1: 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SearchBlox version 8.6.7
Description
An XML external entity (XXE) issue in the api/rest/status endpoint allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks by sending a crafted DTD in an XML request.
Recommendations
For SearchBlox version 8.6.7, as a temporary workaround, consider disabling the api/rest/status endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. Reject DTDs in XML requests to the affected endpoint until the issue is resolved.
Exploit
Fix
XXE
SSRF
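A defender-side check for the recommendation above, as an added example that is not SearchBlox's code: a Python parser for the request body that refuses any DOCTYPE/DTD and never resolves external entities, with constructed sample bodies (the endpoint's real request format is not on this page and is assumed here).

```python
import xml.parsers.expat as expat


class DtdRejected(ValueError):
    """Raised when an inbound XML body declares a DTD (internal or external)."""


def parse_status_request(body: bytes) -> dict:
    """Parse a status request with a parser that refuses any DOCTYPE.

    Returns {child element name: text} for the root's direct children,
    which is all an assumed status-style endpoint would need.
    """
    parser = expat.ParserCreate()
    # Never load parameter entities or an external DTD subset.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def reject_doctype(name, sysid, pubid, has_internal_subset):
        # Fires at "<!DOCTYPE", before any entity declaration is processed.
        raise DtdRejected(f"DTD declarations are not accepted (DOCTYPE {name!r})")

    parser.StartDoctypeDeclHandler = reject_doctype
    # Returning 0 makes expat abort instead of fetching an external entity.
    parser.ExternalEntityRefHandler = lambda *args: 0

    fields, stack, text = {}, [], []

    def start(name, attrs):
        stack.append(name)
        text.clear()

    def end(name):
        if len(stack) == 2:  # direct child of the root element
            fields[name] = "".join(text).strip()
        stack.pop()

    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = text.append
    parser.Parse(body, True)
    return fields


def screen_request(body: bytes):
    """Return (accepted, fields_or_reason) so a gateway can log rejections."""
    try:
        return True, parse_status_request(body)
    except (DtdRejected, expat.ExpatError) as exc:
        return False, str(exc)


# Constructed sample bodies (not real SearchBlox traffic).
BENIGN_REQUEST = b"<status><index>default</index><format>json</format></status>"
DTD_REQUEST = (b'<!DOCTYPE status [<!ENTITY ext SYSTEM "file:///PLACEHOLDER">]>'
               b"<status><index>&ext;</index></status>")
```

The same check can sit in a reverse proxy in front of the endpoint while the workaround of restricting access is in place.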
Related Identifiers
Affected Products
Searchblox