Searchblox · Searchblox · CVE-2018-11586
**Name of the Vulnerable Software and Affected Versions**
SearchBlox version 8.6.7
**Description**
An XML external entity (XXE) issue in the `api/rest/status` endpoint allows remote unauthenticated users to read arbitrary files from the server or conduct server-side request forgery (SSRF) attacks by sending a crafted DTD (a `<!DOCTYPE` declaration defining an external entity) in an XML request body.
**Recommendations**
For SearchBlox version 8.6.7, as a temporary workaround until a vendor fix is applied, disable the `api/rest/status` endpoint or restrict access to it (for example, to trusted administrative networks) to minimize the risk of exploitation. The attack depends on the endpoint's XML parser honouring a DOCTYPE declaration, so the effective fix is on the parser side: reject DOCTYPE declarations outright and do not resolve external general or parameter entities. A front-door filter that rejects request bodies containing `<!DOCTYPE` adds a further layer, but it is not a substitute for the parser setting.
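The following is an added example, not code from SearchBlox or from the advisory. It shows the shape of the crafted-DTD payloads the description refers to (file read and SSRF variants, constructed here) and a parser wrapper that refuses any DOCTYPE before an entity can be resolved, alongside a cheap byte-level pre-check usable at a proxy. Python's standard-library `xml.sax` stands in for the server's parser (SearchBlox itself is a Java application); the `<status>` root element is an assumption, as the page does not give the endpoint's request schema.

```python
import io
import xml.sax
from xml.sax import handler

# Constructed sample request bodies (not taken from the advisory). The real
# schema of the api/rest/status request is unknown; <status> is assumed.
BENIGN_REQUEST = (
    b'<?xml version="1.0"?><status><component>indexer</component></status>'
)
# Classic XXE: an external general entity pointing at a local file.
XXE_FILE_READ = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE status [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>'
    b'<status>&xxe;</status>'
)
# SSRF variant: the same mechanism aimed at an internal HTTP service
# (127.0.0.1:8080/admin is a placeholder, not a SearchBlox path).
XXE_SSRF = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE status [ <!ENTITY xxe SYSTEM "http://127.0.0.1:8080/admin"> ]>'
    b'<status>&xxe;</status>'
)


class DtdNotAllowed(Exception):
    """Raised when a request body carries any DOCTYPE declaration."""


class _RejectDtd:
    """SAX lexical handler: expat calls startDTD as soon as it sees
    <!DOCTYPE, before the internal subset or any entity is processed,
    so raising here stops the attack regardless of what the DTD contains."""

    def startDTD(self, name, public_id, system_id):
        raise DtdNotAllowed(f"DOCTYPE '{name}' is not allowed in a request body")

    # The remaining lexical-handler callbacks are required but uninteresting.
    def endDTD(self):
        pass

    def startCDATA(self):
        pass

    def endCDATA(self):
        pass

    def comment(self, content):
        pass


class _Collector(handler.ContentHandler):
    """Collects element names and character data so the caller gets plain data."""

    def __init__(self):
        super().__init__()
        self.elements = []
        self.text = []

    def startElement(self, name, attrs):
        self.elements.append(name)

    def characters(self, content):
        self.text.append(content)


def has_doctype(body: bytes) -> bool:
    """Cheap pre-parse check for a reverse proxy / WAF rule in front of the
    endpoint. XML keywords are case-sensitive, so a byte search for
    b'<!DOCTYPE' is enough for UTF-8 input; it does NOT cover UTF-16 or
    other encodings, which is why the parser-side rejection is authoritative."""
    return b"<!DOCTYPE" in body


def parse_status_request(body: bytes) -> dict:
    """Parse a request body with a parser hardened against XXE/SSRF:
    no external general entities, no external parameter entities, and
    any DOCTYPE aborts the parse with DtdNotAllowed."""
    parser = xml.sax.make_parser()
    parser.setFeature(handler.feature_external_ges, False)
    parser.setFeature(handler.feature_external_pes, False)
    parser.setProperty(handler.property_lexical_handler, _RejectDtd())
    collector = _Collector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(body))
    return {"elements": collector.elements, "text": "".join(collector.text)}


def rejects_dtd(body: bytes) -> bool:
    """True if the hardened parser refused the body because of a DOCTYPE."""
    try:
        parse_status_request(body)
    except DtdNotAllowed:
        return True
    return False


if __name__ == "__main__":
    print(parse_status_request(BENIGN_REQUEST))
    for payload in (XXE_FILE_READ, XXE_SSRF):
        print("pre-check flags DOCTYPE:", has_doctype(payload),
              "| hardened parser rejects:", rejects_dtd(payload))
```

In a Java stack such as SearchBlox's, the equivalent of `_RejectDtd` is the well-known `DocumentBuilderFactory`/`SAXParserFactory` feature `http://apache.org/xml/features/disallow-doctype-decl` set to `true`, with external general and parameter entity features set to `false`; the point of the example is that the DOCTYPE is rejected before the `SYSTEM` identifier is ever dereferenced, so the same control covers both the file-read and the SSRF variant.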