PT-2014-6260 · Linux Foundation · Opendaylight
Published
2014-08-26
·
Updated
2018-10-09
·
CVE-2014-5035
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
OpenDaylight version 1.0
Description
The issue allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference in an XML-RPC message, related to an XML External Entity (XXE) issue.
Recommendations
For OpenDaylight version 1.0, consider disabling the Netconf (TCP) service until a patch is available to prevent exploitation of the XXE issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Opendaylight