CVE-2018-1000831

Name of the Vulnerable Software and Affected Versions K9Mail versions prior to v5.601

Description The issue concerns a XML External Entity (XXE) vulnerability in the WebDAV response parser. This can lead to disclosure of confidential data, denial of service, Server-Side Request Forgery (SSRF), and port scanning. The attack is exploitable via a malicious WebDAV server or by intercepting the response of a valid WebDAV server.

Recommendations For versions prior to v5.601, update to version v5.601 or later to resolve the issue. As a temporary workaround, consider restricting access to WebDAV servers to minimize the risk of exploitation. Avoid using potentially malicious WebDAV servers until the issue is resolved.