Vulnerability in Ofbiz
CVE-2011-3600
The /webtools/control/xmlrpc endpoint in the OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that disclose the contents of files in the filesystem. In addition, it c…
EPSS: 0.718 (98.8th percentile)
Affected products
- Ofbiz — versions 16.11.01 to 16.11.04
References
- security-tracker.debian.org/tracker/CVE-2011-3600 (x_refsource_MISC)
- bugzilla.redhat.com/show_bug.cgi (x_refsource_MISC)
- access.redhat.com/security/cve/cve-2011-3600 (x_refsource_MISC)
- lists.apache.org/thread.html/7793319ae80ec350f7b82a8763460944f120ebe447f14a1215… (x_refsource_MISC)
- mail-archives.apache.org/mod_mbox/ofbiz-user/201810.mbox/<fad45546-af86-0293-9e… (x_refsource_CONFIRM)